Symantec, a cybersecurity organization, is raising the alarm over how easily the private information of millions of people may be accessed through several apps, most of them running on iOS.
The problem arises specifically from the reuse of valid Amazon Web Services (AWS) tokens, which would grant access to a large amount of information.
The reuse of hard-coded Amazon Web Services tokens has been identified as a severe security vulnerability in 1,859 applications, 98% of which are iOS-based. In fact, the same AWS credentials were found reused in 53% of the applications tested by Symantec, increasing the danger to this data tenfold. For Symantec, the issue stems from the supply chain, particularly when apps are developed using software development kits (SDKs).
Android and iOS apps pose data leak risks
According to the company, the vulnerability is limited if the AWS token only allows access to a single file in the Amazon Simple Storage Service (S3); however, that is not the case here. One of the instances is a B2B company’s SDK, which gives clients access to all of the company’s cloud infrastructure keys in addition to its platform. More than 15,000 big and medium-sized businesses are listed there, and Symantec claims that information about both customers and staff, as well as financial records, might accidentally be leaked.
According to Symantec, “to access the AWS translation service, the business has hard-coded the AWS access token. Anyone with the hard-coded access token, however, had complete, unrestricted access to all of the B2B enterprise’s AWS cloud services rather than just the translation cloud service.”
The reuse of these tokens, which grant complete access to data on different applications, dramatically raises the danger of leakage, even if it may be primarily inadvertent on the part of developers. According to Symantec’s investigation, 47% of the apps evaluated include AWS tokens, which grant access not only to the files needed for coding, such as those in a private cloud area, but also to the millions of files kept by Amazon (S3).
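As an added example (not from Symantec or the original article), here is a release-pipeline check for the pattern described above: it unpacks a team's own app packages, looks for embedded AWS access key IDs, and reports any key shared by more than one build, which points to a common SDK. The build names, the `Vendor.framework` path and the sample contents are constructed, and the key ID is the placeholder used in AWS documentation.

```python
import io
import re
import zipfile
from collections import defaultdict

# Long-term AWS access key IDs are 20 characters and start with "AKIA".
KEY_ID = re.compile(rb"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")

def scan_archive(data: bytes) -> dict[str, set[str]]:
    """Map each key ID found in a zip-format app package (IPA/APK) to the members holding it."""
    hits = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            # Read the decompressed member: a scan of the raw archive would miss deflated data.
            for match in KEY_ID.finditer(pkg.read(info)):
                hits[match.group().decode()].add(info.filename)
    return dict(hits)

def reused_keys(builds: dict[str, bytes]) -> dict[str, list[str]]:
    """Return key IDs embedded in more than one build, with the builds that share them."""
    seen = defaultdict(set)
    for name, data in builds.items():
        for key_id in scan_archive(data):
            seen[key_id].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def mask(key_id: str) -> str:
    """Shorten a key ID for reports so the report itself does not spread it."""
    return key_id[:4] + "*" * 12 + key_id[-4:]

def make_pkg(files: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory package for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for path, body in files.items():
            z.writestr(path, body)
    return buf.getvalue()

# Constructed sample builds; two of them bundle the same hypothetical vendor SDK binary.
SDK_BLOB = b"\x00cfg\x00accessKey=AKIAIOSFODNN7EXAMPLE\x00region=us-east-1\x00"
BUILDS = {
    "app_a.ipa": make_pkg({"Payload/A.app/Frameworks/Vendor.framework/Vendor": SDK_BLOB}),
    "app_b.ipa": make_pkg({"Payload/B.app/Frameworks/Vendor.framework/Vendor": SDK_BLOB}),
    "app_c.ipa": make_pkg({"Payload/C.app/Info.plist": b"<plist><dict/></plist>"}),
}

if __name__ == "__main__":
    for key_id, apps in reused_keys(BUILDS).items():
        print(f"{mask(key_id)} reused in {apps}")
```

Any hit should lead to rotating the key and replacing it with short-lived credentials scoped to the single service the app needs.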