Some iOS apps leak data due to incorrectly configured cloud services, research shows

Despite Apple’s efforts to keep iOS secure, it’s difficult to control how third-party developers store user data. A new study by mobile security firm Zimperium has found that thousands of iOS and Android apps expose users’ personal information due to misconfigured cloud services.

As reported by Wired, Zimperium analyzed more than 1.3 million iOS and Android applications to identify cloud misconfigurations that lead to exposure of user data. Of all the applications analyzed, 47,000 iOS apps and 84,000 Android apps used public cloud services like Amazon Web Services, Google Cloud or Microsoft Azure in their back end instead of running their own servers.

The research found that at least 14% of these applications using public cloud services have exposed users’ personal information, which includes passwords and health data, due to incorrect configurations that allow hackers to access and even overwrite such data.

Shridhar Mittal, CEO of Zimperium, explains that many of these developers have not properly configured the cloud services they use to prevent breaches like this.

Hacking groups are already running this type of scan to find cloud misconfigurations in web services. Mittal says that, in addition to sensitive user data, the researchers also found network credentials, system configuration files and server architecture keys in some of the exposed app storage, which attackers could potentially use to gain deeper access to an organization’s digital systems.

Although cloud service providers like Amazon Web Services have tools to detect possible misconfigurations, developers bear the greatest responsibility for avoiding this situation. Unfortunately, most users have no idea that their data can be exposed on the Internet by apps they trust.

Zimperium reached out to the developers of some of the apps analyzed, but most of them did not respond to a request to correct the problem in their apps. The researchers say that misconfigured cloud services affect not only apps from small developers, but also apps from large enterprises.

One of the apps involved is a mobile wallet from a Fortune 500 company that exposes user session information and financial data. Another is a big-city transportation app that exposes payment data. The researchers also found medical apps with test results and even users’ profile photos publicly exposed.

The researchers hope that today’s report will make more developers aware of how to set up cloud services in apps properly. You can read the full story on the Wired website.
