Think about everything you do with your smartphone. It's not just a gadget for talking to your friends who live hundreds of miles away anymore. Nowadays, we also use these handy devices for critical tasks like financial transactions and storing important documents.
Imagine if cybercriminals were able to get their hands on all of the sensitive information on your smartphone or tablet. That would lead to some horrifying consequences. Unfortunately, there are some popular apps that are leaving millions of users open to hackers.
Is your gadget open to hackers?
Researchers at the University of Michigan have developed a tool that scans apps, searching for vulnerabilities. They analyzed 24,000 apps that are available in the Google Play Store for Android gadgets and found 410 that are potentially vulnerable.
The problem with these apps is they contain a security hole that hackers could potentially take advantage of. The flaw would allow cybercriminals to steal critical data and install malware on smartphones and tablets that have impacted apps.
The vulnerability is found in apps that create open ports on gadgets. That means a user can connect to a port on their gadget and access its data via Wi-Fi. One reason for this feature is to move files from your gadget to a computer.
The researchers said, "The server port opens by default at app launch time and silently runs in the background. It does not authenticate clients nor notify incoming connections, thus can be easily scanned and exploited by remote attackers. Moreover, it does not check the requested file path, so that attacker can access files beyond the photo folder on [an] SD card to steal sensitive data from app cache and system directory."
The most downloaded app that the researchers found with this vulnerability is called Wi-Fi File Transfer. This app has been downloaded over 10 million times from the Google Play Store.
Here is a small list of other apps with the flaw:
- Virtual Data Cable
- Huang CheatMaker
- Open VPN
When security teams discover vulnerabilities like this, they contact the app maker and ask them to patch the flaw. The full list of impacted apps hasn't been released to the public yet to allow for patches to be created without tipping hackers off.
If you have one of the known apps that are impacted, you should delete it from your gadget. It's the best defense from being hacked. You should also have strong anti-virus software on your gadget to help keep malware from being installed.
If you decide to keep an impacted app, frequently check for updates. Hopefully, the app maker will patch the flaw ASAP.