• Thousands of mobile app cloud databases have been left exposed on

    From TechnologyDaily@1337:1/100 to All on Wed Mar 16 04:15:04 2022
    Thousands of mobile app cloud databases have been left exposed online

    Date:
    Wed, 16 Mar 2022 04:00:39 +0000

    Description:
    The creators of 2,113 mobile apps failed to properly secure their cloud databases with a username and password.

    FULL STORY ======================================================================

    Businesses continue to leave their cloud databases unsecured online despite the risk of company data and even user data being exposed.

    Following a three-month study, Check Point Research (CPR) found 2,113 mobile applications whose databases were unprotected in the cloud and could be accessed by anyone with a browser.

    The mobile apps with exposed databases ranged from those with more than 10k downloads all the way to very popular apps with over 10m downloads. CPR found a wide variety of sensitive data from the apps in question including chat messages, personal photos, phone numbers, emails, user names, passwords and more.

    Head of threat intelligence and research at Check Point Software, Lotem Finkelsteen explained how the firm's security researchers were easily able to find these exposed databases using the free online tool VirusTotal, saying:

    "In this research, we show how easy it is to locate data sets and critical resources that are open on the cloud to anyone who can simply get access to them by browsing. We share a simple method of how hackers can possibly do it. The methodology entails searching public file repositories like VirusTotal for mobile applications that use cloud services. A hacker can query VirusTotal for the full path to the cloud backend of a mobile application. We share a few examples of what we could find in there ourselves. Everything we found is available to anyone. Ultimately, with this research we prove how easy it is for a data breach or exploitation to occur. The amount of data that sits openly and that is available to anyone on the cloud is crazy. It is much easier to breach than we think."

    Mobile apps with exposed databases

    In a new blog post, CPR provided several examples from its study without mentioning the names of the mobile apps that had left their cloud databases unsecured online.

    The first app is for a large department store chain in South America which has been downloaded more than 10m times. By searching VirusTotal, CPR was able to find API gateway credentials and an API key. To make matters worse, these credentials were in plain text and anyone would be able to read them and use them to access the accounts of the department store's customers.

    The next app is a running tracker application designed to track and analyze a runner's performance and it has been downloaded over 100k times. Its database contained users' GPS coordinates and other health parameters like their heart rates. With this information in hand, an attacker could create maps to track the whereabouts of the app's users.

    Next up, CPR found the exposed database of a dating app for people with disabilities. This database contained 50k private chat messages along with pictures of the senders. CPR also found the exposed database of a widely used logo maker application that has been downloaded more than 10m times. Inside the database there were 130k usernames, emails and passwords.

    In addition to these apps, CPR also came across the unsecured databases of a popular PDF reader as well as a bookkeeping application.

    In the same way that security experts recommend that consumers protect their smartphones, tablets and laptops with strong and complex passwords, so too should businesses that use cloud databases to store data for their mobile apps.



    ======================================================================
    Link to news story: https://www.techradar.com/news/thousands-of-mobile-app-cloud-databases-have-been-left-exposed-online/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)