Mobile Apps Put “Billions” Of User Records At Risk

It appears that if you use mobile apps, though exactly which ones is still unclear, the data stored within them may be exposed to theft. Here’s what I mean, via The Globe And Mail:

Security researchers have uncovered a flaw in the way thousands of popular mobile applications store data online, leaving users’ personal information, including passwords, addresses, door codes and location data, vulnerable to hackers.

The team of German researchers found 56 million items of unprotected data in the applications it studied in detail, which included games, social networks, messaging, medical and bank transfer apps.

“In almost every category we found an app which has this vulnerability in it,” said Siegfried Rasthofer, part of the team from the Fraunhofer Institute for Secure Information Technology and Darmstadt University of Technology.

Team leader Eric Bodden said the number of records affected “will likely be in the billions.”

Here’s a description of the issue from the same article:

The problem, Bodden said, is in the way developers – those who write and sell the applications – authenticate users when storing their data in online databases.

Most such apps use services like Amazon’s Web Services or Facebook’s Parse to store, share or back up users’ data.

While such services offer ways for developers to protect the data, most choose the default option, based on a string of letters and numbers embedded in the software’s code, called a token.

Attackers, Bodden says, can easily extract and tweak those tokens in the app, which then gives them access to the private data of all users of that app stored on the server.

The good news is that nobody has actually used this exploit for nefarious purposes. Yet. But you know that this is coming now that this info is public. So what’s being done about this? Apple, Google, Amazon and Facebook are all apparently taking action. But app developers need to do the same. The fact is that with everyone and their dog using smartphones and tablets, this is a really, really big deal. Swift action needs to be taken by all concerned or this could get really ugly.
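For developers, the embedded token described in the quoted article is something you can check for in your own code before release. The sketch below is an added example, not code from the article or the researchers. Its two rules cover AWS access key IDs and string literals passed to the Parse Android SDK's Parse.initialize; the file names, file contents and key values are all constructed.

```python
import re

# Rules for long-lived backend credentials compiled into an app.
# Illustrative, not exhaustive.
RULES = [
    # AWS long-term access key IDs: "AKIA" followed by 16 upper-case/digit chars.
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # Parse Android SDK call with the application ID and client key as literals.
    ("parse-initialize-literal",
     re.compile(r'Parse\.initialize\s*\([^,()]+,\s*"[^"]+"\s*,\s*"[^"]+"\s*\)')),
]

def scan(files):
    """files maps path -> source text. Returns sorted (path, line_no, rule).

    The matched value is deliberately not returned, so the report itself
    does not become another copy of the credential.
    """
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((path, line_no, rule))
    return sorted(findings)

# Constructed sample sources (hypothetical paths and values).
SAMPLE = {
    "demo/App.java":
        'void onCreate() {\n'
        '    Parse.initialize(this, "constructedAppId000", "constructedClientKey000");\n'
        '}\n',
    "demo/Backup.java":
        'AWSCredentials c =\n'
        '    new BasicAWSCredentials("AKIAEXAMPLEEXAMPLE00", "constructed-secret");\n',
    # No literal key: credentials are obtained per user at run time.
    "demo/Safe.java":
        'creds = new CognitoCachingCredentialsProvider(ctx, poolId, Regions.US_EAST_1);\n',
}

if __name__ == "__main__":
    for path, line_no, rule in scan(SAMPLE):
        # A hit means the value ships to every device that installs the app,
        # so the server must not treat it as proof of who the user is.
        print(f"{path}:{line_no}: {rule}")
```

A clean scan only shows that no key matching these rules is hard-coded; the data is protected by the per-user access controls configured on the backend service.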
