Some iOS apps leak data due to misconfigured cloud services, research finds




Despite Apple’s efforts to secure iOS, it’s difficult to control how third-party apps store user data. A new study from mobile security company Zimperium has found that thousands of iOS and Android apps expose users’ personal information due to misconfigured cloud services.

As reported by Wired, Zimperium analyzed over 1.3 million iOS and Android apps to identify cloud configuration errors that lead to user data exposure. Of all the applications analyzed, 47,000 iOS applications and 84,000 Android applications used public cloud services such as Amazon Web Services, Google Cloud or Microsoft Azure in their backend instead of having their own servers.

Research found that at least 14% of these apps using public cloud services exposed users’ personal information, including passwords and health data, due to misconfigurations that allowed hackers to access this data and even overwrite it.

Zimperium CEO Shridhar Mittal explains that many of these developers have not properly configured the cloud service they are using to prevent such breaches.

Hacking groups already perform this type of analysis to find cloud configuration errors in web services. And Mittal says that in addition to sensitive user data, researchers also found network credentials, system configuration files, and server architecture keys in some of the exposed application stores that attackers could potentially use to gain deeper access to an organization’s digital systems.

Although cloud service providers such as Amazon Web Services have tools to detect possible configuration errors, the primary responsibility for preventing this type of situation lies with developers. Unfortunately, most people have no idea that their data can be exposed on the web by applications they trust.

Zimperium contacted the developers of some of the scanned apps, but most of them did not respond to a request to fix the problem in their apps. Researchers say that misconfigured cloud services affected not only applications from small developers but also applications from large enterprises.

One of the apps in question is a mobile wallet from a Fortune 500 company that exposes certain user session information and financial data. Another is a big city transportation app that exposes payment data. Researchers have also found medical applications with test results and even profile pictures of users in the open.

Researchers hope today’s report will help more developers learn how to properly configure cloud services in applications. You can read the full story on the Wired website.
