
Hard-coded credentials make it simple to steal millions of sensitive records from apps

Discussion in 'Network World' started by RSS, Nov 17, 2015.

  1. RSS

    RSS New Member Member

    During a Black Hat Europe talk about (In)Security of Backend-as-a-Service, researchers warned that thousands of popular mobile apps have hard-coded backend credentials which could allow anyone to access millions of sensitive records. “Attacks are free, effortless, and simple,” they warned.

    Siegfried Rasthofer and Steven Arzt, PhD students at TU Darmstadt in Germany, focused on apps that use Backend-as-a-Service (BaaS) frameworks from the providers Amazon Web Services, CloudMine and Parse.com, which is owned by Facebook. This is the “first comprehensive security evaluation of several popular BaaS providers and APIs as well as their use in real-world Android and iOS applications.”

