
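Smartphone apps have 'backdoor secrets' for hackers: Study

A large number of cell phone applications contain hardcoded secrets allowing others to access private data, according to a study that may lead to new measures to improve smartphone cybersecurity.

  • Updated on April 2, 2020 at 02:07 PM IST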
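New York: A large number of cell phone applications contain hardcoded secrets allowing others to access private data, according to a study that may lead to new measures to improve smartphone cybersecurity. According to the study, accepted for publication by the 2020 IEEE Symposium on Security and Privacy, apps on mobile phones may have hidden or harmful behaviours about which end users know little to nothing.

Researchers, including Zhiqiang Lin from the Ohio State University in the US, said mobile apps generally engage with users by processing and responding to user input.

Citing examples, Lin said, to prompt an action on their phones, users often need to type certain words or sentences, or click buttons, and slide screens.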

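In the study, the researchers evaluated 150,000 apps: 1,00,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones.

They found that 12,706 of those apps contained something the scientists called "backdoor secrets" -- hidden behaviours within the app that accept certain types of content to trigger behaviours unknown to regular users.

The researchers also found that some apps have built-in "master passwords," which allow anyone with that password to access the app, and any private data contained within it.

And some apps, they said, had secret access keys that could trigger hidden options, including bypassing payment.

"Both users and developers are all at risk if a bad guy has obtained these 'backdoor secrets,'" Lin said.

Motivated attackers could reverse engineer the mobile apps to discover them, he added.

Developers often wrongly assume reverse engineering of their apps is not a legitimate threat, added Qingchuan Zhao, another co-author of the study from the Ohio State University.

"A key reason why mobile apps contain these 'backdoor secrets' is because developers misplaced the trust," Zhao said.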

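To truly secure their apps, he said, developers need to perform security-relevant user-input validations and push their secrets on the backend servers.

"On many platforms, user-generated content may be moderated or filtered before it is published," Zhao said, adding that several social media sites, including Facebook, Instagram and Tumblr, already limit the content users are permitted to publish on those platforms.

"Unfortunately, there might exist problems -- for example, users know that certain words are forbidden from a platform's policy, but they are unaware of examples of words that are considered as banned words and could result in content being blocked without users' knowledge," he said.

"Therefore, end users may wish to clarify vague platform content policies by seeing examples of banned words," Zhao added.
  • Published on April 2, 2020 at 02:03 PM IST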