Inadvertent data leaks due to cloud misconfigurations continue to be a major risk for organizations. Here, cybercriminals often try to exploit vulnerabilities or setup errors in the cloud storage infrastructure. A recent analysis from mobile security firm, Zimperium, revealed that these cloud exposures also pose a severe threat for iOS and Android mobile applications. The research found that nearly 14% of mobile apps that use cloud storage had unsecure configurations and were vulnerable to various cyberattacks. Critical issues in mobile applications globally exposed users’ personal information, enabled fraud, and/or exposed IP or internal systems and configurations.
Zimperium’s researchers discovered misconfiguration issues on apps that were using popular public cloud services like Amazon Web Services (AWS), Google Storage, Google Firebase, and Microsoft Azure. In an automated analysis, the researchers found misconfiguration issues in more than 1.3 million Android and iOS apps. The company stated that certain apps are exposing the entire cloud infrastructure scripts and SSH keys.
Misuse of Data
Leak of sensitive information could allow an attacker to penetrate an organization’s computing infrastructure. “Having access to all of the infrastructure information can also allow an attacker to take over the backend infrastructure of the company, which in turn can allow the attacker to potentially jump to other infrastructure and hurt other products,” Zimperium said.
How to Boost Mobile App Security
Cybercriminals often rely on malicious apps to compromise sensitive information from millions of users. It is imperative for users and organizations to boost their mobile application security to defend against evolving cyberthreats. Not only manufacturers, but end-users must also follow the required security precautions while installing and using mobile apps. Organizational applications are prone to greater cybersecurity risks as they can provide access to the entire corporate systems and employees’ personal information. Read more…
EC-Council’s CISO MAG brings to you a webinar on “The Current State of Application Security.” Register now!