German security experts have found a flaw in the way mobile apps store data that leaves users’ personal information exposed to hackers.
Researchers identified 56 million pieces of unprotected data in the applications, which include gaming, banking and messaging services.
Siegfried Rasthofer, one of the researchers at the Fraunhofer Institute for Secure Information Technology and Darmstadt University of Technology, said: “In almost every category we found an app which has this vulnerability in it.”
Fellow researcher Eric Bodden further said that the number of exposed records could likely be in the billions.
The team of experts did not disclose the names of applications affected, but said that the list includes some of the most popular apps on the Google and Apple stores.
Bodden said that the problem is in the way developers authenticate users when their data is stored online.
Developers can use cloud services such as Amazon Web Services to store and share user data, which usually protects the information. But some developers are choosing the default option of using numbers and letters within the app’s software code to create a token, which leaves the apps open to attackers as the tokens can be easily exploited.
However, the researchers said there is no known case of attackers using the exploit to date, but other experts have warned that the vulnerability is easily exploitable.
“The amount of effort to compromise data by exploiting app vulnerabilities is far less than the effort to exploit Heartbleed,” Toshendra Sharma, founder of India mobile security firm Wegilant, told Reuters.
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…