• About Us
  • Contact Us
  • Today Headline
  • Write for us
Today Headline
No Result
View All Result
  • breaking news today
    • Politics news
    • Sports
    • Science News & Society
  • Entertainment News
    • Movie
    • Gaming
  • Technology News
    • Automotive
  • Health News
    • Lifestyle
    • Insurance
  • Finance News
    • Money
  • Enterprise
  • Contact Us
  • breaking news today
    • Politics news
    • Sports
    • Science News & Society
  • Entertainment News
    • Movie
    • Gaming
  • Technology News
    • Automotive
  • Health News
    • Lifestyle
    • Insurance
  • Finance News
    • Money
  • Enterprise
  • Contact Us
No Result
View All Result
TodayHeadline
No Result
View All Result

Misconfiguration of third party mobile apps exposes the data of 100 million users

May 22, 2021
in Technology News
Reading Time: 3 mins read
misconfiguration of th - TodayHeadline


Misconfiguration of third party mobile apps exposes the data of 100 million users

Check Point Research backend code. Credit: Check Point Research

Despite the obvious benefits of contemporary cloud-based, mobile application development solutions—such as cloud storage, notification management, real-time databases, and analytics—many developers of these solutions fail to properly take into account the potential security risks involved when these apps are misconfigured.

Most recently, Check Point Research has discovered misconfigurations and implementation issues that have exposed the data of 100 million mobile application users. This kind of exposure places both the users as well as the app developers at risk of reputation threats and security damage. In this instance, the developers left open notification managers, storage locations and real-time databases to access by attackers, thus leaving 100 million users vulnerable.

In terms of real-time databases, cloud services can help mobile app users sync their data to the cloud in real time. However, when developers do not correctly implement this service with authentication, any user can theoretically access that database, including all mobile customer data. In fact, researchers expressed surprise at facing no obstacles to accessing these open databases for certain apps on Google Play. Some of the aspects obtainable in this case were device locations, email addresses, passwords, private chats and user identifiers, among other attack vectors. Such vulnerabilities leave all of these users at risk for fraud and identity theft.

Indeed, the popular horoscope app Astro Guru is one app with such vulnerabilities, potentially exposing all users to a leak of personally identifiable information (PII) – such as birthdate, email, gender and location as well as payment information—following a recorded 10 million downloads.

Similarly, the taxi app T’Leva which already has more than 50,000 installs allowed researchers to pull the full names of users as well as phone numbers and both destinations and intended pickup locations by sending just one request to the database.

Next, researchers also found that even the push notification manager had fallen vulnerable. This means that any malicious actor able to gain access to the manager could send the user notifications on the developer’s behalf.

Moreover, cloud storage of these mobile apps presents a particular risk to users, as the research team also found that many developers left exposed both the access keys as well as the secret keys to stored data within the Screen Recorder service application. Evidently, a cursory analysis of the application file enabled researchers to recover these keys and access user recordings.

Finally, research showed that CopyCat malware also has the ability to retrieve keys for at-risk cloud storage services, demonstrating how malicious developers can also take advantage of these vulnerabilities.


Unsecured cloud configurations expose data across thousands of mobile apps


More information:
Hazum, A., et al. “Mobile App Developers’ Misconfiguration of Third Party Services Leave Personal Data of over 100 Million Exposed.” Check Point Research, Check Point Research, 20 May 2021, research.checkpoint.com/2021/m … 100-million-exposed/.

© 2021 Science X Network

Citation:
Misconfiguration of third party mobile apps exposes the data of 100 million users (2021, May 21)
retrieved 21 May 2021
from https://techxplore.com/news/2021-05-misconfiguration-party-mobile-apps-exposes.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

  • Trending
  • Comments
  • Latest
FHA 203K Loan Rehab Loans Explained - TodayHeadline

FHA 203K Loan: Rehab Loans Explained

John Deere electric mower - TodayHeadline

John Deere launches first electric zero-turn mower

3AC Co Founder Kyle Davies Fails to Respond to Liquidators Subpoena - TodayHeadline

3AC Co-Founder Kyle Davies Fails to Respond to Liquidators’ Subpoena Despite Twitter Delivery – Bitcoin News

Gov. Whitmer Proposes $79 Billion Budget For Fiscal Year 2024

Gov. Whitmer Proposes $79 Billion Budget For Fiscal Year 2024

PopularStories

FHA 203K Loan Rehab Loans Explained - TodayHeadline
Real Estate

FHA 203K Loan: Rehab Loans Explained

John Deere electric mower - TodayHeadline
Automotive

John Deere launches first electric zero-turn mower

3AC Co Founder Kyle Davies Fails to Respond to Liquidators Subpoena - TodayHeadline
Money

3AC Co-Founder Kyle Davies Fails to Respond to Liquidators’ Subpoena Despite Twitter Delivery – Bitcoin News

Gov. Whitmer Proposes $79 Billion Budget For Fiscal Year 2024
Politics news

Gov. Whitmer Proposes $79 Billion Budget For Fiscal Year 2024

About Us

Todayheadline the independent news and topics discovery
A home-grown and independent news and topic aggregation . displays breaking news linking to news websites all around the world.

Follow Us

Latest News

FHA 203K Loan Rehab Loans Explained - TodayHeadline

FHA 203K Loan: Rehab Loans Explained

John Deere electric mower - TodayHeadline

John Deere launches first electric zero-turn mower

3AC Co Founder Kyle Davies Fails to Respond to Liquidators Subpoena - TodayHeadline

3AC Co-Founder Kyle Davies Fails to Respond to Liquidators’ Subpoena Despite Twitter Delivery – Bitcoin News

FHA 203K Loan Rehab Loans Explained - TodayHeadline

FHA 203K Loan: Rehab Loans Explained

John Deere electric mower - TodayHeadline

John Deere launches first electric zero-turn mower

3AC Co Founder Kyle Davies Fails to Respond to Liquidators Subpoena - TodayHeadline

3AC Co-Founder Kyle Davies Fails to Respond to Liquidators’ Subpoena Despite Twitter Delivery – Bitcoin News

  • Real Estate
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2023 All rights are reserved Today headline

No Result
View All Result
  • Real Estate
  • Parenting
  • Cooking
  • NFL Games On TV Today
  • Travel and Tourism
  • Home & Garden
  • Pets
  • Privacy & Policy
  • Contact
  • About

© 2023 All rights are reserved Today headline

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.