Sunday, April 13, 2025
HomeBackdoorMillions of Smartphones are Vulnerable to inject Backdoor via open Ports

Millions of Smartphones are Vulnerable to inject Backdoor via open Ports

Published on

SIEM as a Service

Follow Us on Google News

[jpshare]A Recent Research Revealed by University of Michigan  Research team, Open Ports Create Backdoors in Millions of Smartphones .This Vulnerability Existing in Low secured Server Software which used to Serve for Remote Clients . 

Many of Smart phones are using Open ports support  in server and mostly it serves in Traditional servers which communication endpoint for accepting incoming connections.

- Advertisement - Google News
According to the Researchers From University of Michigan,  perform an open port usage analysis on 24K popular Android apps from Google Play ,and successfully classify 99% of the usage 5 category which including data sharing, proxy, remote execution, VoIP call,and PhoneGap by  Using OPAnalyzer tool which Developed by they own

These open port Families, if its not much Protected  most of the ports are directly enable a number of serious remote exploits .

Most popular usage, data sharing, over half of the paths can be easily triggered by any remote attacker, and in some usage categories such as proxy, over 80% of the paths are not protected.

According to the output of the OPAnalyzer  Tool, they uncover 410 vulnerable applications with 956 potential exploits in total, and manually confirm 57 vulnerable apps including popular ones with 10 to 50 million downloads on the official market, and also an app that is pre-installed on some device models.

Researchers Reported, “If one of these vulnerable open port apps is installed, your phone can be fully taken control of by attackers.”

Design Pattern of Open Port Apps:

Android application that opens a port for Accepting remote Command to push notifications on the client’s Device. The application initially makes a ServerSocket to Listen in on a TCP port.

Once a Victims associates with the port, the application peruses the remote contribution from the attachment and serves the demand.

In this illustration, the application checks whether the remote info contains the “PUSH” Command, and assuming this is the case, it begins pushing the messages contained in the remote contribution to Device notice bar.

 An app’s open ports to steal photos with on-device malware:

The incoming connection notification, which pops up a window when a new host connects to the open port and displays the IP address of the host And the request is not served until user explicitly accepts the client by clicking the “allow” button,  researchers said

Here the Demo Videos tested by the Researcher for steal photos with on-device Malware.

Steal photos via a network attack:

Victims behind NAT or using private WiFi networks, attackers sharing the same local network can use ARP scanning  to find reachable smartphone IP addresses at first, and then launch targeted port scanning to discover vulnerable open ports .

 Force to SMS to a premium service:

This video Demonstrate How Attacker Forcing victims to send a Premium rate  SMS with one Click.

These vulnerabilities can be exploited to cause highly-severe damage such as remotely stealing contacts,photos, and even security credentials, and also performing sensitive actions such as malware installation and malicious code execution, Researchers said.

Also Read:

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

A new IoT Botnet is Spreading over HTTP Port 81 and Exploit the Vulnerability in Security Cameras

Smartphone Sensors can Spying your Mobile and Reveal PINs and Passwords by Tracking your Motion

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Python JSON Logger Vulnerability Enables Remote Code Execution – PoC Released

A recent security disclosure has revealed a remote code execution (RCE) vulnerability, CVE-2025-27607, in...

PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities

A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the...

CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a...