"Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations"

Researchers at Check Point have found that mobile applications with tens of millions of downloads are leaking sensitive user data due to the misconfiguration of back-end cloud databases.  The security vendor’s three-month study began with a simple query on VirusTotal for mobile apps listed on the malware scanning service that communicates with the Firebase cloud database.  Throughout the study, the researchers discovered 2113 mobile apps that had their Firebase back-end exposed due to misconfigurations.  The researchers stated that while writing code, developers invest many resources to harden an application against several forms of attacks.  However, developers may neglect to configure the cloud database properly, thus leaving real-time databases exposed, which could then result in a catastrophic breach if exploited.  The researchers also stated that developers often manually change the default locked and secured configurations of security rules to run tests.  If left unlocked and unprotected before releasing the application to production, it leaves the database open to anyone accessing it and thus susceptible to read and write into the database.

Infosecurity reports: "Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations"