Hundreds of iOS apps are fleeing data due to poorly configured Firebase backbases, according to a report



[ad_1]

Some 2200 unsecured Firebase databases leaked more than 3,000 iOS and Android apps, exposing more than 100 million pieces of data, including passwords, health information, and GPS location data.

  The HospitalGown Report of Appthority

According to a new report from Appthority mobile app security firm, called Q2 2018 Enterprise Mobile Threat Report the problem is caused by a new variant of what is nicknamed "HospitalGown Vulnerability." HospitalGown, brazenly named because it deals with data "leaked through the backend data stores," was identified by the Appthority Mobile Threat team in 2017.

Now, Appthority reports that the problem is getting product when application developers choose not to require authentication. Google Firebase cloud databases, which is not done by default when developers use the popular development tool.

Appthority found that of the 1,275 iOS applications using a Firebase database, 600 were vulnerable. Overall, more than 3,000 applications leaked data from 2,271 misconfigured databases. Among the disclosed data are 2.6 million unencrypted passwords and user IDs, over 4 million protected health information records and 50,000 financial records.

"To properly secure data, developers must specifically implement user authentication across all tables and rows in the database, which rarely happens in practice," writes Appthority in the report. "In addition, it takes little effort for hackers to find databases of open Firebase applications and access millions of private mobile data application registrations."

  Appthority Numbers

Bleeping Computer which reports Last week's results, Firebase is a Google product that contains backend tools for creating mobile apps. Appthority has evaluated 2.7 million d & rsquo; IOS and Android applications to identify Android applications 28,502 mobile applications – 27,227 Android and 1,275 iOS – which stored data in the backbases of Firebase.

Appthority also found that the use of Firebase has increased, as well as the amount of vulnerable applications.4678 (9%), were vulnerable

Appthority recommends developers to protect their data more effectively.

"You will need to perform n in-depth review of the security of third-party built-in links, internally developed apps, and public apps available for employee productivity, "writes Appthority in the report. "You may have difficulty gaining visibility into the data exposed by this threat in EMM applications and EMM public applications without a MTD solution focused on backend threats and vulnerabilities, such as Appthority Mobile Threat Protection."

issue and provide a list of affected applications and servers.

[ad_2]
Source link