Data from 100 million Android users exposed by failed cloud storage sync

Data from over 100 million Android app users has been exposed due to misconfiguration related to third-party services.

The exposure, detailed May 20 by researchers at Check Point Software Technologies Ltd., relates to 23 popular apps that put users' personal data at risk through the developers' internal resources, such as update mechanisms and storage access.

The potential breach is primarily due to the use of real-time databases, a service that allows developers to store data in the cloud. The researchers found that the apps did not protect access between the app and the cloud database, which made it possible to recover sensitive information such as email addresses, passwords, private chats, device locations and user IDs.

One example is an app called Astro Guru. It has been described as a popular astrology, horoscope and palmistry app with over 10 million downloads. The data was not securely synced through a cloud-based real-time database, giving the researchers access to personal information, including payment details.

The researchers point out that cloud storage for mobile applications is a sophisticated solution for accessing files, but that embedding that same service's private and access keys into apps could have serious implications.

“Some of these issues uncovered in the Check Point investigation are similar to those encountered in the iPhone Recorder case,” Michael Isbitski, a technology evangelist at application programming interface security startup Salt Security Co., Ltd., told SiliconANGLE. “Mobile application developers often rely on cloud-hosted databases and data storage such as AWS S3 to store mobile client content.”

In some of the Android apps Check Point examined, he explained, developers had embedded back-end cloud storage connection keys directly into their mobile application code. “It is a bad practice to hard-code and store static access keys in your app. Your app uses these to connect to your organization’s own back-end APIs or third-party cloud APIs,” he said.

Developers assume their mobile back ends are hidden from hackers, explained Ray Kelly, principal security engineer at cloud application security provider WhiteHat Security Inc. This is known in the cybersecurity industry as “security by obscurity.”

“It’s like hiding your house keys under your front door mat and thinking your house is secure,” Kelly said. “To keep your mobile application secure, thoroughly test your application’s binaries, network layers, back-end storage and APIs for security vulnerabilities that could lead to issues such as data breaches.”
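A pre-release check of the kind the two quotes above point to, as an added example that is not code from the article or from Check Point: it scans unpacked app sources and resources for the documented AWS access key ID format and for high-entropy 40-character values assigned to key-like names. The file names, the `scan_sources` helper and the entropy threshold are assumptions, and the sample credentials are the placeholder pair AWS uses in its own documentation.

```python
import math
import re
from collections import Counter

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A 40-char base64-alphabet value assigned to a name containing "secret" or
# "key", in Java source (NAME = "...") or Android XML (name="...">...).
SECRET_ASSIGN = re.compile(
    r"([\w.\-]*(?:secret|key)[\w.\-]*)[\"']?\s*[=:>]\s*[\"']?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)
# Bits per character. A 40-char single-case hex digest (e.g. SHA-1) cannot
# exceed 4.0, so cache keys and commit hashes are not reported as secrets.
MIN_ENTROPY = 4.0


def shannon_entropy(value):
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_sources(files):
    """Return (path, line_no, kind, redacted_value) for each suspected key."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in ACCESS_KEY_ID.finditer(line):
                findings.append((path, line_no, "access-key-id", m.group()[:4] + "..."))
            for m in SECRET_ASSIGN.finditer(line):
                if shannon_entropy(m.group(2)) > MIN_ENTROPY:
                    findings.append((path, line_no, "secret-key", m.group(2)[:4] + "..."))
    return findings


# Constructed sample of unpacked app files (hypothetical paths and names).
SAMPLE_APP = {
    "res/values/strings.xml":
        '<string name="aws_secret_key">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>\n',
    "com/example/StorageClient.java":
        'static final String ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        'static final String CACHE_KEY = "da39a3ee5e6b4b0d3255bfef95601890afd80709";\n',
}

if __name__ == "__main__":
    for finding in scan_sources(SAMPLE_APP):
        print(*finding)
```

Findings carry only the first four characters of each value, so the scan output can be pasted into a build log or ticket without leaking the key a second time.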
