Millions of sensitive records exposed by mobile apps leaking back-end credentials

Developers have hard-coded credentials for back-end services into thousands of mobile apps, researchers found.
By Lucian Constantin
Thousands of mobile applications, including popular ones, implement cloud-based, back-end services in a way that lets anyone access millions of sensitive records created by users, according to a recent study.
The analysis was performed by researchers from the Technical University and the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, and the results were presented Friday at the Black Hat Europe security conference in Amsterdam. The study targeted applications that use Backend-as-a-Service (BaaS) frameworks from providers like Facebook-owned Parse, CloudMine or Amazon Web Services.
Source: http://www.csoonline.com/
