Threat model: Attacker from the network

Vulnerable open port apps put device under the threat of network attackers. Attacker can first scan his local network or even public IP addresses in the Internet to discover hosts, and then use MAC address database to identify mobile devices. Once reachable mobile devices are selected, attacker sends traffic to the port that belongs to certain vulnerable app on those hosts, and vulnerabilities are exploited if vulnerable apps are running on those devices. For ethical concern, we only demonstrate the attack in the local network using ARP-Scan to discover victims. Note that attacker can also use some tools such as ZMap to discover victims in the Internet scale! 

In this demo,  attacker uses ARP-Scan in the local network to collect active hosts and send traffic to the  2121 port to steal the photos from victims' devices' external storage. This attack exploits a vulnerable app called Virtual Data Cable, which is intended for user to access the files on their mobile devices from the desktop. However, the apps opens port by default and no client authentication or incoming connection notifications are engaged, which put the device user into severe danger.  Attacker can steal all the data from victim device's storage remotely.  Such attack generally applies to many vulnerable apps we have identified and described in the paper. 

YouTube Video