AKLWEB HOST Blog | #1 Web Hosting Blog

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Leaders in e-commerce must prioritize security and compliance

    September 25, 2022

    Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials

    September 5, 2022

    How Companies Leverage AI in the Automotive Industry

    July 29, 2022
    Facebook Twitter Instagram
    Trending
    • Leaders in e-commerce must prioritize security and compliance
    • Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials
    • How Companies Leverage AI in the Automotive Industry
    • Cloud Server vs Dedicated Server: Understand Your Requirements
    • Data Science Tips for E-Commerce Brands To Build Winning Customer Journeys
    • 4 Essential Features of Dedicated Server Hosting
    • People of WordPress: Dee Teal
    • How To Run An Effective Social Advertising Campaign
    Facebook Twitter Instagram
    AKLWEB HOST Blog | #1 Web Hosting BlogAKLWEB HOST Blog | #1 Web Hosting Blog
    Cheap Dedicated Servers
    • Home
    • Business
    • Dedicated Servers
    • Domains
    • E-Commerce
    • Marketing
    • Technology
    • Web Hosting
    • WordPress
    AKLWEB HOST Blog | #1 Web Hosting Blog
    Home»Cyber Security News»Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials
    Cyber Security News

    Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials

    Terry SebastianBy Terry SebastianSeptember 5, 2022Updated:September 5, 2022No Comments3 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The cybersecurity researchers at Symantec have recently warned of the risks related to poor security practices, pointing out that it found hardcoded credentials for AWS in more than 1,800 Android and iOS applications.

    Almost all of the applications consisting of hardcoded credentials that are developed for iOS and Android have been examined by the threat hunting team of Symantec.

    The presence of the same AWS tokens was found in more than 50% of the apps. Various developers and companies have used these tokens in their apps as well. There are serious implications for the supply chain as a consequence of this report.

    There have been a number of things that can be traced to the AWS access tokens, including:-

    • Shared library
    • Third-party SDK
    • Apps are developed using other components

    Supply Chain Risk

    A mobile application software development process resembles that of a supply chain for the manufacture and distribution of materials goods and involves the following things:-

    • Collection software libraries
    • Software development kits (SDKs)
    • Developing the mobile apps

    Mobile apps can become vulnerable to these upstream supply chain issues:-

    • There are many instances in which mobile app developers are unaware that the source libraries and SDKs of their apps are vulnerable.
    • The risk in the outsourcing of mobile app development is that companies will end up with vulnerabilities in the apps that could expose them to risks.
    • In most companies, especially larger ones, there are multiple apps being developed by multiple teams and these apps use cross-team vulnerable libraries.

    Technical Analysis

    In most cases, this type of credential is used to download the resources that are necessary for the app to function properly. Along with this, it also allows authentication to cloud services and access to configuration files.

    Among the incidents that Symantec has discovered, one of the most notable was with an unnamed B2B company offering an intranet and communication platform to its customers, along with a mobile SDK. 

    In this instance, the company’s cloud infrastructure keys had been embedded in the SDK for access to the translation service within the cloud infrastructure.

    As a result of this, all of the customer information of the company was exposed to the public. Over 15,000 medium-to-large-sized companies were included in the database. The database encompassed their corporate data and financial records.

    Moreover, the researchers also discovered five iOS banking apps that used the same AI Digital Identity SDK. As a result, over 300,000 fingerprints have effectively been leaked.

    However, in accordance with the cybersecurity firm, the organizations were notified of the issues uncovered in their applications after it was discovered.

    Cyber Security News
    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Avatar photo
    Terry Sebastian
    • Website

    Terry Sebastian, our Content Manager, joined AKLWEB HOST with over two years of experience under his belt in the web hosting sector in various roles, including customer care, sales, and technical support. His passion for writing and communications and his experience makes him the ideal person for the job. He is devoted to spreading wisdom and knowledge about the web hosting sector so that both clients and colleagues can benefit greatly. In his words, serving and educating others is the way to mutual prosperity.

    Leave A Reply Cancel Reply

    Demo
    Our Picks
    Stay In Touch
    • Facebook
    • Twitter
    • LinkedIn
    Don't Miss
    E-Commerce

    Leaders in e-commerce must prioritize security and compliance

    By Terry SebastianSeptember 25, 20220

    If you ask any e-commerce founder why they got into the field of digital commerce,…

    Over 1800 Android and iOS Apps Leaking Hardcoded AWS Credentials

    September 5, 2022

    How Companies Leverage AI in the Automotive Industry

    July 29, 2022

    Cloud Server vs Dedicated Server: Understand Your Requirements

    July 18, 2022

    Subscribe to Updates

    Get the latest creative news from SmartMag about art & design.

    Facebook Twitter LinkedIn
    © 2022 AKLWEB HOST LLC, All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.