InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
Subscribe Login/Register
S&P 500
5,022.21
(
-0.58%
)
US TECH 100
17,110.00
(
0.45%
)
Dow Jones
37,753.31
(
-0.12%
)
Brent Oil
86.22
(
-0.89%
)
Bitcoin
61,432.87
(
0.24%
)
Post# of 248687
Next 10
Reply Private New
Public Reply Private Reply New Post
Keep Last Read
Keep Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Genz2

Send PM Follow Ignore
Followers 5
Posts 2487
Boards Moderated 0
Alias Born 09/06/2006

Genz2

Re: None

Friday, 06/22/2018 8:30:57 PM

Friday, June 22, 2018 8:30:57 PM

Post# of 248687
3,000+ mobile apps leaking data from unsecured Firebase databases

Another reason companies and governments should be happy to use Wave VSC 2.0.

https://www.helpnetsecurity.com/2018/06/20/unsecured-firebase-databases/

Appthority published research on its discovery of a new HospitalGown threat variant that occurs when app developers fail to require authentication to Google Firebase databases.

Appthority security researchers discovered the HospitalGown vulnerability in 2017 which leads to data exposures, not due to any code in the app, but to the app developers’ failure to properly secure backend data stores (hence the name). The new Firebase variant exposes large amounts of mobile app-related data stored in unsecured Firebase databases.

Exposed data from includes personally identifiable information (PII), private health information (PHI), plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and registration numbers, and more data leaking from vulnerable apps.

“The Firebase vulnerability is a significant and critical mobile vulnerability exposing vast amounts of sensitive data,” said Seth Hardy, Appthority Director of Security Research. “The large number of vulnerable apps and the wide variety of data shows that enterprises can’t rely on mobile app developers, app store vetting or simple malware scans to address data security. To keep their data safe and stay in compliance with regulations like GDPR, HIPAA and PCI, they need to be investing in deep app analysis that detects these types of vulnerabilities.”

Key findings
•3,000 mobile iOS and Android apps – over 620 million Android downloads, alone — are leaking data from 2,300 unsecured Firebase databases
•Multiple app categories are impacted including tools, productivity, health and fitness, communication, cryptocurrency, finance and business apps
•Most enterprises are impacted: 62% of enterprises have at least one vulnerable app in their mobile environment.

More than 100 million records are exposed, including:
2.6 million plain text passwords and user IDs
•4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
•25 million GPS location records
•50,000 financial records including banking, payment and Bitcoin transactions
4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens.
Public Reply Private Reply New Post
Keep Last Read
Keep Last Read Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.

Sign Up