Researchers recently found that Baidu’s software development kit (SDK) is vulnerable to a bug that can allow the hacker to gain the backdoor like access to a user’s device. Baidu SDK Bug leaves more than 100 million people in risk.
However the SDK Moplus is not directly available to the public but it has been used in more than 14,000 Android apps, 4,000 of which is created by Baidu itself. According to the data more than 100 million people have downloaded those apps which puts them in a danger.
The security researchers from Trend Micro have discovered the bug in Moplus SDK. They call it Wormhole, which allows the hackers to run an unsecured HTTP connection on the target device without the knowledge of the user. The unsecured HTTP used by hacker does not require any authentication and can accept the request by anyone from internet. As the server is controlled by the hacker, so hacker can execute any malicious commands on the target device.
See Also: Windows 10 free for Pirates windows user
Researchers have founded that SDK is currently using the port 6259 or 40310 to execute the malicious command on target Android device to perform the actions like:
- Sending messages
- Making Phone calls
- Downloading files on the device
- Adding new contact
- Push web pages
- Uploading files from the device and much more.
Hackers just need to scan the mobile networks for port 6259 or 40310 to find the devices that can be abused as the opening of the Moplus SDK app automatically installs the web server on the Android device.
This is not the first time when the Chinese SDK is distributing malicious SDK, few days back it was found that Taomike is secretly spying on users’ SMS messages.
Fix to Baidu SDK Bug
Researchers have constructively reported about the bug to both Baidu and Google. Baidu has recently pushed a partial fix for the vulnerability, which fixes some of the functionality of the Moplus SDK. However, Baidu claims that no vulnerability exists now.
Have something to add on Baidu SDK Bug: Puts over 100 Million devices at risk? Please add in comments.
Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.