Billions of records at risk from mobile app data flaw

Billions of records at risk from mobile app data flaw

SINGAPORE - Reuters
Billions of records at risk from mobile app data flaw

REUTERS Photo

Security researchers have uncovered a flaw in the way thousands of popular mobile applications store data online, leaving users’ personal information, including passwords, addresses, door codes and location data, vulnerable to hackers. 

The team of German researchers found 56 million items of unprotected data in the applications it studied in detail, which included games, social networks, messaging, medical and bank transfer apps. 

“In almost every category we found an app which has this vulnerability in it,” said Siegfried Rasthofer, part of the team from the Fraunhofer Institute for Secure Information Technology and Darmstadt University of Technology. Team leader Eric Bodden said the number of records affected “will likely be in the billions”. 

Another security researcher working separately, Colombian Jheto Xekri, said he had also found the same flaw. 

The problem, Bodden said, is in the way developers - those who write and sell the applications - authenticate users when storing their data in online databases. 

Most such apps use services like Amazon’s Web Services or Facebook’s Parse to store, share or back up users’ data. 

While such services offer ways for developers to protect the data, most choose the default option, based on a string of letters and numbers embedded in the software’s code, called a token. 

Attackers, Bodden says, can easily extract and tweak those tokens in the app, which then gives them access to the private data of all users of that app stored on the server. 

The researchers said they had no documented evidence that the vulnerability had been exploited. 

The vulnerable applications, which they declined to name, number in the tens of thousands, and include some of the most popular on the Apple and Google app stores. 

Rasthofer said all four companies had responded to their findings; he said Apple staff had told him on Monday that they would soon incorporate warnings to developers to double check their security settings before uploading apps to its App Store. 

Google declined to comment, while Apple and Amazon did not respond to queries. 

A Facebook spokesperson said that after researchers notified it of the vulnerability the company had been working with affected developers. She declined to provide details. 

Facebook’s Parse lists among its customers some of the world’s biggest companies, all of which, Rasthofer said, were potentially affected. 

Security researchers say mobile applications are more at risk of failing to secure users’ data than those running on desktop or laptop computers. This is partly because implementing stronger security is harder, and partly because developers are in a rush to release their apps, said Ibrahim Baggili, who runs a cybersecurity lab at the University of New Haven.

Quark.Models.Entities.Ancestor?.Title?.ToUpperInvariant() G7 asks all parties to prevent further Middle East escalation

G7 asks 'all parties' to prevent further Middle East escalation
LATEST NEWS

  1. G7 asks 'all parties' to prevent further Middle East escalation

    G7 asks 'all parties' to prevent further Middle East escalation

  2. Erdoğan says Greek PM's visit aims to strengthen ties

    Erdoğan says Greek PM's visit aims to strengthen ties

  3. Several quakes shake country over two days

    Several quakes shake country over two days

  4. Ankara warns of ‘wider conflict’ amid Iran-Israel tension

    Ankara warns of ‘wider conflict’ amid Iran-Israel tension

  5. Private sector’s external debt declines

    Private sector’s external debt declines
Recommended
Private sector’s external debt declines

Private sector’s external debt declines
Meta releases beefed-up AI models

Meta releases beefed-up AI models
Middle East tension keeps investors, markets on edge

Middle East tension keeps investors, markets on edge
EU seeks to close production gap with China and US

EU seeks to close production gap with China and US
Fiscal policy to support Central Bank’s fight against inflation: Şimşek

Fiscal policy to support Central Bank’s fight against inflation: Şimşek
Tesla asks shareholders to reapprove huge Musk pay deal

Tesla asks shareholders to reapprove huge Musk pay deal
Climate impacts set to cut 2050 global GDP by nearly a fifth

Climate impacts set to cut 2050 global GDP by nearly a fifth
WORLD G7 asks all parties to prevent further Middle East escalation

G7 asks 'all parties' to prevent further Middle East escalation

G7 foreign ministers Friday urged "all parties" to "work to prevent further escalation" in the Middle East, following reports that Israel had carried out revenge strikes on Iran.
ECONOMY Private sector’s external debt declines

Private sector’s external debt declines

The Turkish private sector’s total outstanding loans received from abroad declined by $394 million from the end of 2023 to stand at $163.4 billion as of February, the data from the Central Bank have shown.
SPORTS Fenerbahçe sets eyes on Euro success

Fenerbahçe sets eyes on Euro success

Fenerbahçe set to take on Olympiacos in the first leg of a Europa League quarterfinal with hopes of silencing a recent debate in Turkish football.