In November of 2016, hackers gained access to more than one million Google accounts by infecting Android phones through illegitimate applications. Email, photos, documents, and more were accessed by the hackers, who were discovered by computer researchers at Check Point.
The hackers, according to CNNTech, were able to steal digital tokens that gave them access to personal Google services.
How did the heist work? Smartphones infected by illegitimate applications began to install other, legitimate applications. From there, they would rate the applications highly, inflating their reputation. The virus also installed malicious advertising software that marketers could sell for profit.
While Google blocked more than one hundred thousand versions of the cyber attack, the problem has continued.
A recent study found that hundreds of applications on Google Play help users connect to computers through Wi-Fi connections. Some ports are left open and poorly secured, leaving the device susceptible to hackers. Researchers at the University of Michigan suggest that an app called Wifi File Transfer, which has more than ten million downloads, is the most vulnerable of them all.
In total, more than one thousand applications create open ports. Out of these, more than four hundred have little or no security protection. More than fifty applications leave ports completely open for hackers.
Wifi File Transfer is one such app. It allows users to connect a computer to a phone through an open port, but requires no password authentication to protect data. Hackers could use this opening to gain access to sensitive data – including contacts, photos, and more.
According to researchers, both Google and phone users lack the power to fix the problem. Other than refusing to download the application in the first place, users must wait for developers to make their services safer for Android phones.
Since the first round of hacking in November, Check Point set up a website for users to see if their devices have been hacked. To use this website, you’ll need to enter your Google email address. You can find the website at Gooligan.CheckPoint.com.
There is one more thing users can do to protect themselves. Avoid visiting unofficial app stores, especially on questionable websites. These stores may offer free versions of popular applications, but the versions are counterfeit and often come with viruses that put your personal information at risk.
“These newly discovered exploits can lead to a large number of severe security and privacy breaches,” the researchers at U of M explain. “For example, remotely stealing sensitive data such as contacts, photos, and even security credentials and performing malicious actions such as executing arbitrary code and installing malware remotely.”
Google has yet to comment on the discovery by U of M researchers, but the conclusion remains clear. Users will need to be more careful about the devices they install, or serious and unintended repercussions could follow.
Take the time to check your Google email account to ensure you haven’t been hacked. From there, use legitimate application stores and review each app closely. Your phone will be safer in no time.