According to the research led by a group of security experts from the University of Michigan, millions of Android smartphones are at risk. The problem lies within applications that open ports on smartdevices in order to facilitate features like sharing files on the network. Although for a user it seems that only another authenticated user is able to see what he shares, the study concluded that mechanism put in place to prevent unauthorised access are easily bypassed if they even exist in the first place.
Over twenty thousand applications from the Google Play Store were scanned as part of this study. Close to four hundred were vulnerable to one form or another of the described attack. The most popular app of these has been downloaded million of times. To demonstrate the attacks, researchers have created different attack vectors showing how an attacker could get access to data from an affected device via web or by being in the same network with its victim. In some cases techniques such as session hijacking were also used but for some apps knowing what requests to make was enough to achieve the attack goal.
