A report shows that numerous apps expose personal user data through misconfigured cloud services, including names and email addresses, passwords and even medical information.
When companies store data in the cloud, there is always a risk of a leak. In most cases the data is quite safe with the big cloud providers like Amazon, Microsoft, Google and Alibaba. Instead, the problem often lies in the interface between the company’s infrastructure and the cloud. If the local company servers are not properly protected, this also makes the cloud data vulnerable – and apps insecure.
More than 18,000 unsafe apps found
Internet security company Zimperium has now found that numerous apps for iOS and Android are also affected by this problem, as the magazine "Wired" reports. The company scanned more than 1.3 million apps using an automated process, looking for known configuration errors made when setting up cloud services. If companies are not careful enough in handling security measures, they make cloud data vulnerable.
10 percent of the apps scanned – around 131,000 in total – use cloud services. The security researchers found that 14 percent of them have incorrectly configured cloud settings. A total of 11,877 Android apps and 6,608 iOS apps are affected.
For Shridhar Mittal, CEO of Zimperium, these results are appalling. He told Wired, “A lot of these apps have cloud storage that hasn’t been configured properly by the developer or whoever is setting it up. And that’s why the data is visible to pretty much everyone. And most of us currently have these apps installed.”
Widely used apps can also be unsafe
According to their own statements, the researchers contacted the companies concerned. However, most of them reportedly did not respond and thus continue to have unprotected data. For this reason, Zimperium does not name the apps affected. The scanned apps include some with several million users. One of them is a digital wallet being developed by a Fortune 500 company. The app leaks data about user sessions and finances. Another is the official transportation app for a large city. The app reveals payment information. Another, a medical app, exposes test results and profile pictures.
Hackers can access such poorly protected information with relatively simple attacks. According to Zimperium, some companies are so poorly protected that even network logins and configuration files are visible. This makes it easy for attackers to penetrate deep into the company infrastructure.
App developers could, after all, counteract the problem relatively easily. In many cases it would be enough to tick a few additional boxes in the cloud configuration. In the meantime, users have to pay even more attention to what personal information they pass on in apps.