Digital Forensics Dispatch

Study Finds a Large Number of Mobile Apps Could be Vulnerable to Hacking

April 7, 2020

Help Net Security reports that a team of cybersecurity researchers discovered a large number of mobile apps that contain a backdoor that might allow others to access private data or block content. The research team was headed up by Zhiqiang Lin, an associate professor of computer science at The Ohio State University and graduate research assistant Qingchuan Zhao. They examined 150,000 applications available across multiple App stores, including the Google Play Store, as well as pre-installed applications on Android smart phones. During their research, they discovered that 12,706 applications contained what the team labeled as “backdoor secrets.” These are “hidden behaviors within the app that accept certain types of content to trigger behaviors unknown to regular users” the article states.

In addition to the backdoors, they found that some applications have a built-in master password which would allow anyone with that password to access the app and any data that is contained within the app. The team of researchers also discovered that some applications had secret access keys. The access key would allow hidden options to be triggered within the application, such as bypassing payment. Lin states “[both] users and developers are at risk if a bad guy has obtained these ‘backdoor secrets’.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics