قالب وردپرس درنا توس
Home / Technology / Hundreds of iOS apps lose data due to misconfigured Firebase backends

Hundreds of iOS apps lose data due to misconfigured Firebase backends



About 2,200 unsecured Firebase databases have resulted in more than 3,000 iOS and Android apps losing user data. More than 100 million records, including plain text passwords, health information, GPS location data and more, are reported by security experts.

  Appthority's HospitalGown report

According to a new report from the app company for mobile app Appthority, which carries the Mobile Threat Report to the 2nd quarter of 201

8 the problem is posed by a new variant the so-called "HospitalGown vulnerability." HospitalGown, referred to as "cheeky data because of backend data leakage," was first identified in 2017 by the Appthority Mobile Threat Team.

Appthority now reports that the problem occurs when app developers do not require authentication of Google Firebase cloud databases, something that does not run by default when developers use the popular development tool.

Appthority has found that of the 1,275 iOS apps that use a Firebase database, 600 are vulnerable. In total, more than 3,000 apps lost data from 2,271 misconfigured databases. And among the leaked data are 2.6 million plain-text passwords and user IDs, more than 4 million protected health information and 50,000 financial records.

"To properly secure data, developers must implement user authentication specifically for all database tables and rows, which is rare in practice," Appthority writes in the report. "In addition, it does not require attackers to find open Firebase app databases and gain access to millions of private mobile data app records.

  Appthority's Numbers

As of Bleeping Computer reported Firebase is a Google product that includes backend tools for creating mobile apps used by many Android developers, but iOS apps also use the data storage and analysis service. Appthority rated 2, 7 million iOS and Android apps to identify 28,502 mobile apps – 27,227 Android and 1,275 iOS – the data stored in Firebase backends.

Apporthority also found that with increasing Firebase usage, the number of vulnerable apps also increased 4.578 (9 percent), were vulnerable.

Appthority recommends that developers protect their data more effectively.

"You need a thorough security check Appthority writes in the report, "Connections, self-developed apps, and public apps are available for employee productivity." "You may find it difficult to gain insight into the threat posed by this threat in EMM published corporate and public apps without an automated MTD solution focused on app threats and back-end vulnerabilities such as Appthority Mobile Threat Protection."

Google was notified of issue and provided a list of affected apps and servers.


Source link