Dive Brief:
- New research from the University of Michigan's Electrical Engineering and Computer Science department shows open ports, or "wormholes," in 410 Android apps available via the Google Play store, which could be exploited by hackers, according to reporting from Ed Tech: Focus on Higher Ed and Campus Technology.
- In all, the researchers found "956 potential exploits," with the uses of these open ports including data sharing that can open a path from hacked devices to a remote host, proxy paths that send input requests elsewhere, remote executions that can trigger things like a text message, or VoIP systems that can listen in or spoof caller IDs to facilitate phishing, Ed Tech reports.
- The researchers also found that firewalls are no longer enough to protect users due to the difficulty of configuring the right rules for every app on their device, but they recommended the use of adequate authentication for anything that might connect to a device.
Dive Insight:
The University of Michigan research comes at a critical time following a massive email phishing scam using Google Docs via Gmail, and as higher education institutions find themselves increasingly targeted by hackers.
Ultimately, the best line of defense is in campus IT departments educating users to recognize and self-police their activities. On the authentication end, that can be ensuring that everyone on campus is aware of things like two-factor authentication, which require users to input their password at login, followed by a code sent to their mobile device. But some institutions, like the University of Dayton, have also taken to educating students, faculty and staff to identify and avoid phishing scams via test runs that have also become popular in other organizations.
As Associate Provost and CIO Dr. Thomas Skill told us last year, "We didn't want to roll out two-factor and have people walk away thinking, 'Oh, security is fixed because we all have two-factor now.' Our goal here is that this is no different than any athlete training for the toughest competition. Every day, the bad guys out there are coming up with newer, better, smarter, faster ways to trick us into doing stuff, so we've got to be exercising every day with our effort to understand when we can recognize a phish and when we can't, and we're tracking all the data on what we're doing here."