Cloud Misconfiguration leads to data exposure of Android and iOS users


Cloud Misconfigurations are leading to the data exposure of users using android and iOS apps says a research carried out by Zimperium. And what’s surprising in this conformation is that the problems are occurring on platforms launched by world renowned tech companies like Amazon Web Services, Google Cloud, and Microsoft Azure.

Another highlight from the research is that a mobile wallet developed by Fortune 500 Company was also involved in exposing information related to users that includes their payment card details and login sessions. Some apps were also found to be sending profile pictures, personal contact details, and medical data to servers operating in countries like Asia and Africa.

Zimperium research says that they have conducted a clinical research on over 1.3 million apps hosted on Apple and Android play store and 14% of them were leaking cloud infrastructure scripts, and SSH keys to remote servers.

Data Security research by the Texas based company says that apps related to transportation, online retail, gambling, news service, major music, payment wallets, air travel booking, and Asian government travel apps were seen exposing IP and accessed system details to interested parties on dark web.

“It’s clear that most app users are using storage blobs hosted on Google and Amazon platforms and because of configurational errors the apps were seen exposing data to whosoever accessing them by fraudulent means,” says Zimperium. In some rare cases, hackers were seen changing and overwriting data that could end up serious disruptions to users.

Here, the onus stays on companies that are leasing out storage space to users. And, those hosting info on such platforms should also keep a vigil on how their apps are operating on third party platforms that would help them in keeping their user data safe.

Interestingly, the survey was conducted by Zimperium that is a part of Google’s App Defense Alliance initiative, where third party firms may set up automated app scanning on Google Play store.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display