General News Thousands of mobile apps found to have a critical vulnerability in their Firebase..
Thousands of mobile apps found to have a critical vulnerability in their Firebase database


Mobile security researchers have discovered unprotected Firebase databases belonging to thousands of iOS and Android mobile applications. The databases have been found to expose over 100 million data records, including plain text passwords, user IDs and location data. The app data also includes financial records, including banking and cryptocurrency transactions, in the case of some applications.

Firebase, acquired by Google in 2014, is one of the most popular platforms for back-end development of mobile and web applications. It offers a cloud-based database to developers and stores the data in JSON format. The database is synced in real time with all connected clients. According to Hacker News, researchers from mobile security firm Appthority discovered that many app developers failed to properly secure their back-ends built using Firebase.

It says these back-end Firebase endpoints are not protected by firewalls or an authentication system, leaving hundreds of gigabytes of sensitive app user data publicly accessible to anyone. The researchers scanned over 2.7 million apps and found that more than 3,000 apps were susceptible to data theft. They say 2,446 of these apps are on Android while 600 apps are on iOS. They have been found to be leaking a total of 2,300 databases with more than 100 million records, with the potential breach of over 113 gigabytes of data.

Exploiting the Firebase database seems rather easy. The platform offers app developers an API server, and in order to access databases hosted on the service, attackers just need to add “/.json” with a blank database name at the end of the host name. The researchers claim that the vulnerable Android apps alone were downloaded more than 620 million times.

The affected apps belong to multiple categories, including telecommunication, cryptocurrency, finance, postal services, ride-sharing, education, productivity, health and fitness, and hotels, among others. The vulnerable apps are giving away 2.6 million user IDs and passwords in plain text, 25 million GPS location records, 4.5 million+ Facebook, LinkedIn, Firebase and corporate data store user tokens and 4 million+ PHI (Protected Health Information) records.

Firebase does not secure user data hosted on its platform by default and instead requires developers to implement user authentication. The researchers claim that they have already contacted Google and have provided a list of all vulnerable app databases. They have also contacted a few app developers, offering help to patch this issue.

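The article's point that access control is left to the developer comes down to the database's security rules. As an added example (not from the article, the researchers or Firebase), this Python code audits a Realtime Database rules document for `.read`/`.write` grants that need no signed-in user; the sample rule sets and the names `classify` and `audit_rules` are constructed for illustration, and the "no-auth-check" result is a plain string heuristic.

```python
# Constructed sample (not from any real app): anyone can read and write everything.
WEAK_RULES = {"rules": {
    ".read": True, ".write": True,
    "users": {"$uid": {".read": "auth != null"}},
}}

# Constructed hardened counterpart: deny by default, owner-only access per user.
OWNER_ONLY = "auth != null && auth.uid === $uid"
HARDENED_RULES = {"rules": {
    ".read": False, ".write": False,
    "users": {"$uid": {".read": OWNER_ONLY, ".write": OWNER_ONLY}},
}}

def classify(expr):
    """Classify one .read/.write value as 'public', 'no-auth-check' or None."""
    if expr is None or expr is False:
        return None                      # a missing rule denies access
    if expr is True:
        return "public"
    text = str(expr).strip()
    if text == "true":
        return "public"
    if text == "false":
        return None
    # Heuristic: an expression that never mentions `auth` cannot require sign-in.
    return None if "auth" in text else "no-auth-check"

def audit_rules(doc):
    """Return sorted (path, operation, problem) findings for a rules document."""
    findings = []

    def walk(node, path, opened):
        # Rules cascade: access granted at a parent also applies to every
        # child, so only the topmost open rule on a branch is reported.
        opened = dict(opened)
        for op in (".read", ".write"):
            problem = None if opened[op] else classify(node.get(op))
            if problem:
                findings.append((path or "/", op, problem))
                opened[op] = opened[op] or problem == "public"
        for key, child in node.items():
            if isinstance(child, dict):  # skips .validate / .indexOn values
                walk(child, f"{path}/{key}", opened)

    walk(doc.get("rules", {}), "", {".read": False, ".write": False})
    return sorted(findings)

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit_rules(rules))
```

In the weak rule set the nested `auth != null` rule under `users` changes nothing, because the root grant already covers that path.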