Thousands of mobile apps found to have a critical vulnerability in their Firebase database


Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications. The databases have been found to expose over 100 million data records, including plain text passwords, user IDs and location. The app data also shows financial records, including banking and cryptocurrency transactions, in the case of some applications.

Firebase, acquired by Google in 2014, is one of the most popular platforms for back-end development of mobile and web applications. It offers a cloud-based database to developers and stores the data in JSON format. The database is synced in real-time with all connected clients. According to Hacker News, the researchers from mobile security firm Appthority discovered that many app developers failed to properly secure their back-end built using Firebase.

It says these back-end Firebase endpoints are not protected by firewalls or an authentication system and leave hundreds of gigabytes of sensitive app user data publicly accessible to anyone. The researchers scanned over 2.7 million apps and found that more than 3,000 apps were susceptible to data theft. They say 2,446 of these apps are on Android while 600 apps are on iOS. They have been found to be leaking a whole 2,300 databases with more than 100 million records, with the potential breach of over 113 gigabytes of data.

Exploiting the Firebase database seems rather easy. The platform offers app developers an API server and, in order to access databases hosted on the service, attackers need to just add “/.json” with a blank database name at the end of the host name. The researchers claim that these vulnerable Android apps alone were downloaded more than 620 million times.

The affected apps belong to multiple categories including telecommunication, cryptocurrency, finance, postal services, ride-sharing, education, productivity, health and fitness, and hotels, among others. The vulnerable apps are giving away 2.6 million user IDs and passwords in plain text, 25 million GPS location records, 4.5 million+ Facebook, LinkedIn, Firebase and corporate data store user tokens and 4 million+ PHI (Protected Health Information) records.

Firebase does not secure user data hosted on its platform by default and rather requires developers to implement user authentication. The researchers claim that they have already contacted Google and have provided a list of all vulnerable app databases. They have also contacted a few app developers, offering help to patch this issue.

Source:
___________________________________________
Airtel Digital HD Recorder / Kerala Vision Digital TV
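
For developers checking their own project: the exposure described in the post comes down to Realtime Database security rules that grant `.read` or `.write` without requiring a signed-in user. The following is an added example, not part of the original post or of any Firebase tooling. It audits an exported rules file for such grants; the sample rule sets and the function names are constructed for illustration, and the "no-auth-check" test is a heuristic.

```python
import json
import re

# Constructed sample: the rule set that leaves the whole database readable at /.json.
OPEN_RULES = '{"rules": {".read": true, ".write": true}}'

# Constructed sample: per-user records gated on the caller's uid, plus two weak nodes.
MIXED_RULES = """
{"rules": {
  "users": {"$uid": {".read": "auth != null && auth.uid === $uid",
                     ".write": "auth != null && auth.uid === $uid"}},
  "debug": {".read": "true"},
  "posts": {".read": "data.exists()", ".write": false}
}}
"""

def classify(expr):
    """Return 'public', 'no-auth-check', or None for one .read/.write value."""
    if expr is True or (isinstance(expr, str) and expr.strip() == "true"):
        return "public"
    if isinstance(expr, str) and expr.strip() != "false":
        # Heuristic: an expression that never mentions `auth` cannot depend on sign-in.
        if not re.search(r"\bauth\b", expr):
            return "no-auth-check"
    return None

def audit_rules(rules_text):
    """Return sorted (path, operation, finding) tuples for rules reachable without sign-in."""
    rules = json.loads(rules_text).get("rules", {})
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                finding = classify(value)
                if finding:
                    findings.append((path or "/", key[1:], finding))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(rules, "")
    return sorted(findings)

def root_exposed(rules_text):
    """True when the root grants public read; rules cascade, so children cannot revoke it."""
    return ("/", "read", "public") in audit_rules(rules_text)

if __name__ == "__main__":
    for name, text in (("open", OPEN_RULES), ("mixed", MIXED_RULES)):
        print(name, audit_rules(text), "root exposed:", root_exposed(text))
```

Because a grant at a parent path applies to everything beneath it, a finding at `/` should be fixed first; stricter rules on child nodes do not narrow it.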