100M users at risk from Chinese Android software devkit
MANILA, Philippines (UPDATED) – Around 100 million users of apps that take advantage of a software development kit (SDK) from Baidu are at risk after security firms found that the SDK gave backdoor-like access to a user’s device.
According to Trend Micro, the Moplus SDK is integrated in 14,112 applications.
PC World said the vulnerability in the Moplus SDK, called Wormhole, lets attackers "open an HTTP server on devices where affected apps are installed; the server doesn’t use authentication and accepts requests from anyone on the Internet."
If an attacker sends a request to this hidden HTTP server, they can tell the device to execute commands that were implemented in the SDK, including grabbing information from the device, such as location data and search queries.
It also lets the attacker add new contacts, upload files, make phone calls, display unwanted or otherwise fake messages, and install other applications.
Trend Micro also said the vulnerability is potentially easier to exploit than the Stagefright vulnerability, as it does not require social engineering to hit an unsuspecting target.
Trend Micro has also seen malware that takes advantage of the Wormhole vulnerability in Moplus. The malware is detected as ANDROIDOS_WORMHOLE.HRXA.
Trend Micro has informed Baidu and Google of the issue.
While 4,014 of the affected apps are from Baidu, the rest require the third-party developers to patch their apps to ensure protection from exploitation.
Baidu has released a new version of the SDK and asserts that no backdoor exists now. It will further remove some inactive code in its next release.
In the meantime, Trend Micro advises scanning for the vulnerability using a reputable mobile security app – Trend Micro suggests their own application – and then removing any affected apps. – Rappler.com
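A device-side check for the kind of exposure described above, an app-embedded server that listens without authentication, is to audit which app-owned sockets are listening on non-loopback addresses. The Python below is an added example, not code from Trend Micro, Baidu or the original article; it parses text in the Linux `/proc/net/tcp` and `/proc/net/tcp6` format, and the sample table, UIDs and ports are constructed. It flags the class of exposure, not the Moplus SDK specifically.

```python
# Added example: flag app-owned TCP listeners reachable from the network.
# Input is text in the Linux /proc/net/tcp or /proc/net/tcp6 format.
import ipaddress

LISTEN = "0A"          # TCP_LISTEN state code in /proc/net/tcp
APP_UID_START = 10000  # Android assigns installed apps UIDs from 10000 up

# Constructed sample (trailing columns trimmed); not taken from a real device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087 0 20111
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10142 0 20154
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0 0 10313
   3: 0A01A8C0:C350 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10142 0 20390
   4: 0A01A8C0:2710 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10200 0 20412
   5: 00000000000000000000000000000000:22B8 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10142 0 20155
"""


def decode_addr(hex_addr):
    """Decode the kernel's hex address (stored as little-endian 32-bit words)."""
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    ip = ipaddress.ip_address(b"".join(words))
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
    return getattr(ip, "ipv4_mapped", None) or ip


def exposed_listeners(proc_net_text):
    """Return (uid, address, port, scope) for app listeners not bound to loopback."""
    findings = []
    for line in proc_net_text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a listening socket.
        if len(fields) < 10 or ":" not in fields[1] or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        ip, port, uid = decode_addr(hex_addr), int(hex_port, 16), int(fields[7])
        # System daemons (uid < 10000) and loopback-only listeners are out of scope.
        if uid < APP_UID_START or ip.is_loopback:
            continue
        scope = "all-interfaces" if ip.is_unspecified else "single-interface"
        findings.append((uid, str(ip), port, scope))
    return sorted(findings)


if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE):
        print(finding)
```

Each reported UID still has to be mapped to its package and reviewed by hand, since an app can have a legitimate reason to listen on the network.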