'Billions' of records at risk from mobile app data flaw

f
Researchers havfe said that the flaw leaves data stored by apps vulnerable with almost every category of app considered vulnerable
World Bulletin / News Desk
Security researchers have uncovered a flaw in the way thousands of popular mobile applications store data online, leaving users' personal information, including passwords, addresses, door codes and location data, vulnerable to hackers.
The team of German researchers found 56 million items of unprotected data in the applications it studied in detail, which included games, social networks, messaging, medical and bank transfer apps.
"In almost every category we found an app which has this vulnerability in it," said Siegfried Rasthofer, part of the team from the Fraunhofer Institute for Secure Information Technology and Darmstadt University of Technology.
Team leader Eric Bodden said the number of records affected "will likely be in the billions".
Another security researcher working separately, Colombian Jheto Xekri, said he had also found the same flaw.
The problem, Bodden said, is in the way developers - those who write and sell the applications - authenticate users when storing their data in online databases.
Most such apps use services like Amazon's Web Services or Facebook's Parse to store, share or back up users' data.
While such services offer ways for developers to protect the data, most choose the default option, based on a string of letters and numbers embedded in the software's code, called a token.
Attackers, Bodden says, can easily extract and tweak those tokens in the app, which then gives them access to the private data of all users of that app stored on the server.
The researchers said they had no documented evidence that the vulnerability had been exploited.
The vulnerable applications, which they declined to name, number in the tens of thousands, and include some of the most popular on the Apple and Google app stores.
Rasthofer said all four companies had responded to their findings; he said Apple staff had told him on Monday that they would soon incorporate warnings to developers to double check their security settings before uploading apps to its App Store.
Google declined to comment, while Apple and Amazon did not respond to queries.
A Facebook spokesperson said that after researchers notified it of the vulnerability the company had been working with affected developers. She declined to provide details.


Related app development security amazon Facebook
Legal Notice: Copyright, trade marks and other intellectual property rights in this website can not be reproduced without the prior permission.

 

No Comment Yet
Science&Technology News

'Billions' of records at risk from mobile app data flaw
Researchers havfe said that the flaw leaves data stored by apps vulnerable with almost every category of app considered vulnerable

SpaceX to build test track for Hyperloop
SpaceX revealed Monday that it is building a test track for the Hyperloop, a concept for ultra-fast ground transport the company’s CEO, Elon Musk, unveiled.

Scientists created 'Dino-chickens' in lab
Biologists have created chicken embryos with dinosaur-like faces by tinkering with the molecules that build the birds' beaks.

Apple Watch pre-orders sell out in minutes
Product available for pre-order in nine countries but devices won’t ship for weeks.

Advanced material made cheaper by Turkish Nanografi
Nobel Prize-winning scientists' discovery can be manufactured cheaper thanks to Nanografi process.

Mobile technology tiptoes towards 5G
Most industry experts expect the first product of 5G technology in the run-up to the Tokyo Olympics in 2020.

Cooler Pacific has slowed global warming, briefly
The slowdown in the rate of rising temperatures, from faster gains in the 1980s and 1990s, has puzzled scientists because heat-trapping greenhouse gas emissions

Astronomers find giant black hole in early universe
The discovery challenges cur