Latest in Android

Image credit:

Bunk Baidu SDK puts backdoor on millions of Android devices

Shares
Share
Tweet
Share
Save

A software development kit created by Baidu, China's Google, has reportedly opened more than 100 million Android devices to malicious hackers. Baidu's Moplus SDK may not be available to the public but it's already made its way into more than 14,000 Android apps -- only 4,000 of which Baidu actually created. The SDK allows its apps to open an unsecured and unauthenticated HTTP server connection.

This means that anyone with access to the SDK can theoretically develop an app that automatically connects to a hidden server on the internet, allowing the server to run predetermined commands on the phone. These commands include adding new contacts, uploading files, making phone calls and installing other apps or malware. Trend Micro reported over the weekend that they'd already found malware -- ANDROIDOS_WORMHOLE.HRXA -- downloading to compromised devices. The problem is even more severe for rooted devices as they won't notify users when new apps are installed. Baidu has already issued a partial fix for the problem, however the HTTP server remains online and active.

[Image Credit: AFP/Getty Images]

From around the web