Symantec, a security firm, is expressing alarm over how readily millions of people’s private information could be accessed through a number of apps, primarily those that run on iOS.
The issue is the reuse of valid Amazon Web Services (AWS) tokens, which could make a great deal of information available.
The reuse of hard-coded Amazon Web Services tokens results in a significant security problem in 1,859 applications, 98% of which are iOS-based. In fact, the same AWS credentials are used by 53% of the applications Symantec tested. The threat posed by this information is multiplied by 10. Symantec believes that the supply chain is the issue, particularly when apps are developed using software development kits (SDKs).
Android and iOS apps pose data leak risks
The company says that if the AWS access token only permits access to a single file stored in the Amazon Simple Storage Service (S3), the vulnerability is limited; however, that is not the case in this scenario. One of the examples is the SDK of a B2B corporation. It gives customers access to the company’s platform, as well as to all of its cloud infrastructure keys. More than 15,000 large and medium-sized companies are listed. Additionally, Symantec asserts that financial records, as well as information about clients and employees, may unintentionally leak.
According to Symantec, the organization hard-coded the AWS access token in order to use the AWS translation service. However, rather than just the translation cloud service, anyone with the hard-coded access token got full, unlimited access to all of the B2B enterprise’s AWS cloud services.
The reuse of these tokens, which provide total access to data across multiple applications, significantly increases the risk of data leakage, even though it may mostly be an error on the part of the developers. According to Symantec’s analysis, 47% of the apps analyzed use AWS tokens that give access not just to the files they need for coding, like those in a private cloud space, but also to the millions of files held in Amazon S3.
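The gap between what the translation token was meant for and what it could reach is something a policy review can catch before an app ships. The following is an added example, not code from Symantec or from any of the affected apps: the policy documents are constructed, and the names excess_grants and INTENDED are hypothetical. It only inspects Allow statements and their actions, and treats any wildcard as exceeding the intended scope.

```python
import json

# Constructed IAM policy documents (not taken from the Symantec report).
POLICIES = {
    "full_access": json.loads('{"Version": "2012-10-17", "Statement": '
        '{"Effect": "Allow", "Action": "*", "Resource": "*"}}'),
    "mixed": json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
        '"Action": ["translate:TranslateText", "s3:*"], "Resource": "*"}]}'),
    "scoped": json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
        '"Action": "translate:translatetext", "Resource": "*"}]}'),
}

# Assumption: translating text is the only AWS call the app needs to make.
INTENDED = ["translate:TranslateText"]


def _as_list(value):
    # IAM accepts a single statement or action where a list is also valid.
    return value if isinstance(value, list) else [value]


def excess_grants(policy, intended_actions):
    """Return the allowed action patterns that reach beyond intended_actions."""
    intended = {a.lower() for a in intended_actions}  # action names are case-insensitive
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction")
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # A wildcard can match more than the intended call, so flag it.
            if "*" in pattern or "?" in pattern or pattern.lower() not in intended:
                findings.append(pattern)
    return findings


if __name__ == "__main__":
    for name, policy in POLICIES.items():
        print(name, "->", excess_grants(policy, INTENDED) or "within scope")
```

A check like this belongs in the build pipeline of the SDK vendor as well as the app developer, since a credential embedded in an SDK is inherited by every app that ships it.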