Latest study of the University of Michigan (UM) found that the "open ports" of an internet communication mechanism in mobile devices are much more vulnerable to security breaches than previously thought.
UM researchers have analyzed 24,000 popular mobiles apps to arrive at this finding, and posted the results on the website of UM.
The researchers found that open port backdoors could be exploited to steal private information such as contacts, security credentials and photos; to remotely control a device; to perform a denial of service attack; or to inject malicious code that could jumpstart widespread, virus-like attacks.
They have identified 410 apps with dangerous insecurities, and 956 different individual ways those insecurities could be exploited.
The vulnerability the researchers highlighted is most pronounced in Android apps that let users share data across devices and connect to their phones from their computers.
The researchers found that more than half of the usage of open ports in the apps they studied is unprotected, and the unprotected nature shows a general lack of awareness of the problem.
Investigating the fundamental causes behind this general vulnerability, the researchers found that it is exposed by popular ways open ports are used in the smartphone ecosystem, rather than poor implementation of apps.
Open ports are integral pieces of internet infrastructure that allow computer programs to accept packets of information from remote servers. It is safe in traditional computers because computers' Internet Protocol addresses don't change.
The researchers have identified certain steps app developers can take to mitigate the vulnerability, and reported the vulnerabilities to affected app developers.
Smartphones also use open ports to receive certain types of information. But because of the way mobile networks are structured, phones' IP addresses can change as they move through the world. This and other factors relating to mobile architecture lead to these vulnerabilities, the researchers say.
