Security researchers found a vulnerable Android app that allowed an attacker to send messages to the phone and trigger various commands, without any sort of authentication. The mobile threats team at Trend Micro discovered that the mobile app of Meituan, a Chinese site that promotes discount deals in a similar way as Groupon, would listen on TCP port 9517 in order to receive messages from a server, but the sender would not be authenticated. Basically, a command on the phone can be triggered …
Comments are closed.
