Many hundreds of iOS apps may be unwittingly sharing Amazon Web Services (AWS) credentials.
Symantec found 1,859 apps, 98% of which are iOS apps, with hard-coded AWS credentials that potentially put your data at risk.
Nearly half of the apps had valid AWS tokens that enabled complete access to thousands, perhaps millions, of private files via Amazon Simple Storage Service (Amazon S3). The company also determined that 77% of the apps held valid AWS tokens that allowed access to private AWS cloud services.
Leaked AWS credentials
Unknown usage of external software libraries and SDKs, outsourcing app development, and cross-team collaboration can lead to missing information and inadequate communication, says security expert Kevin Watkins.
The analysis cites three affected companies. First, an unnamed B2B firm that provides an intranet and communications platform exposed its cloud infrastructure keys, revealing financial records and sensitive data.
Second, several iOS banking apps outsourced their digital ID and authentication to an SDK. This SDK exposed users’ names and birthdates, and five banking apps revealed 300,000 digital fingerprints.
Third, a hospitality and entertainment company that shared its technological platform exposed business and consumer data from a library used by 16 apps.
The research findings have been shared with the relevant companies; however, it is unclear whether the problems have been addressed.