Backdoor Access Discovered in Thousands of Android Apps

An academic study detected hidden access mechanisms such as secret access keys, master passwords and secret commands in 12,706 Android applications. Researchers state that these secret backdoors could give attackers unauthorized access.

According to a comprehensive academic study published this week, 12,706 Android apps showed behaviors resembling hidden backdoor access, such as hidden access keys, master passwords and secret commands. Academics from the US and Europe developed a tool called InputScope to detect these backdoors in their research. The tool was used to analyze login form fields in more than 150,000 Android apps.

Looking more closely, the researchers examined 100,000 applications from the Play Store (selected by number of downloads), 20,000 from the most popular third-party stores, and 30,000 applications pre-installed on Samsung devices. The research team described their findings as alarming: a total of 12,706 applications provide various types of backdoor access.

Open door to attackers

The researchers emphasize that these hidden backdoor mechanisms can allow attackers to gain unauthorized access to users' accounts. Moreover, if the attacker has physical access to a device and one of these applications is installed on it, the attacker can either access the phone or run code on that device via a command hidden in the application's input fields.

Researchers cite the example of a popular remote access application with over 10 million downloads. The master password in this application can unlock access even if the user has restricted access after losing the phone. In addition, a popular screen lock app has an access key that can reset arbitrary users' passwords to unlock the screen and log in to the system.

In another example, an access key allows access to the administrative interface of a popular broadcast application. With it, an attacker can reconfigure the application and unlock additional functions. Finally, in a popular translation application, a secret key was discovered that bypasses the paid membership.

Researchers state that they detected such backdoors in 6,800 applications available on the Play Store. The number for applications pre-installed on Samsung devices is 4,800. The researchers said they had notified all developers whose apps had this problem, but did not hear back from some of them.
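For developers auditing their own code for the pattern described above, the following added example (not from the study, and not how InputScope itself works) flags places where text read from an input field is compared against a hardcoded string. The sample source, its identifiers and its secret values are constructed for illustration, and the heuristic assumes decompiled-style Java in which input is read with `getText()`.

```python
import re

# Constructed sample: decompiled-style Java for a login handler (not from any real app).
SAMPLE = '''
String pin = pinField.getText().toString();
String user = userField.getText().toString().trim();
String stored = prefs.getString("pin_hash", "");
if (pin.equals("8675309#")) { unlockScreen(); }
if ("*#debug#*".equals(user)) { openAdminPanel(); }
if (hash(pin).equals(stored)) { unlockScreen(); }
if (mode.equals("dark")) { applyTheme(); }
'''

# A variable assigned from an input widget is treated as user-controlled.
ASSIGN = re.compile(r'(\w+)\s*=\s*\w+\.getText\(\)')
# var.equals("literal") and "literal".equals(var)
VAR_EQ_LIT = re.compile(r'\b(\w+)\.equals(?:IgnoreCase)?\(\s*"([^"]*)"\s*\)')
LIT_EQ_VAR = re.compile(r'"([^"]*)"\.equals(?:IgnoreCase)?\(\s*(\w+)\s*\)')

def find_hardcoded_input_checks(source):
    """Return (line_no, variable, literal) wherever user input is compared
    against a string constant embedded in the code."""
    tainted = set()
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.search(line)
        if m:
            tainted.add(m.group(1))
        for var, lit in VAR_EQ_LIT.findall(line):
            if var in tainted:
                findings.append((no, var, lit))
        for lit, var in LIT_EQ_VAR.findall(line):
            if var in tainted:
                findings.append((no, var, lit))
    return findings

if __name__ == "__main__":
    for no, var, lit in find_hardcoded_input_checks(SAMPLE):
        print(f"line {no}: input '{var}' compared to hardcoded value {lit!r}")
```

The comparison of a hash of the input against a stored value and the comparison of a non-input variable are not flagged; only the two checks against embedded constants are reported.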

In addition, 4,028 Android applications were found to contain bad-word filters or blacklists created for political reasons.
