#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

mobile application development | Breaking Cybersecurity News | The Hacker News

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

May 12, 2020
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store. "4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said. Acquired by Google in 2014, Firebase is a popular mobile application development platform that offers a variety of tools to help third-party app developers build apps, securely store app data and files, fix issues, and ev
Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Thousands of Mobile Apps Expose Their Unprotected Firebase Hosted Databases

Jun 21, 2018
Mobile security researchers have discovered unprotected Firebase databases of thousands of iOS and Android mobile applications that are exposing over 100 million data records, including plain text passwords, user IDs, location, and in some cases, financial records such as banking and cryptocurrency transactions. Google's Firebase service is one of the most popular back-end development platforms for mobile and web applications that offers developers a cloud-based database, which stores data in JSON format and synced it in the real-time with all connected clients. Researchers from mobile security firm Appthority discovered that many app developers' fail to properly secure their back-end Firebase endpoints with firewalls and authentication, leaving hundreds of gigabytes of sensitive data of their customers publicly accessible to anyone. Since Firebase offers app developers an API server, as shown below, to access their databases hosted with the service, attackers can gain acce
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Apple will let users run iOS apps on macOS

Apple will let users run iOS apps on macOS

Jun 06, 2018
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforward denied the idea of merging the iPhone and Mac operating systems into one platform, which was being speculated for years. So, Apple made it clear that iOS and macOS will continue to be separate products. Rumors of iOS apps coming to the Mac have been around since 2017, and yesterday at Apple's WWDC 2018 event, Apple senior vice president of software engineering Craig Federighi just confirmed this while concluding his keynote. Though iOS and macOS share similar underlying frameworks, both are separate operating systems with their own separate software libraries, called UIKit used by iOS and AppKit used by macOS, which have made porting iOS apps to Mac difficult, said Federighi. "iOS devices and macOS devices of course are different
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Google Play Store increases Android APK Size Limit from 50MB to 100MB

Google Play Store increases Android APK Size Limit from 50MB to 100MB

Sep 30, 2015
Google is doubling the maximum APK file size on the Play Store from 50 MB to 100 MB . That means... Android app developers can now build higher quality Apps and Games that users love. Of course, for an end user it may affect the overall app performance and installation time, as well as mobile data connectivity. Google Wants Developers to Create Richer Apps By increasing file size limit from 50 MB to 100 MB, Google wants to encourage developers for creating richer apps and games , as well as help avoid the need for downloading additional files after the initial APK download. There are two primary purposes of setting a cap for APKs. The limit ensures: Developers write code efficiently and keep an eye on the overall size of their app Users don't have to wait too long to download an app or game from the Play Store However,  Expansion Files are still there to help developers build apps that exceed the 100MB barrier , but the aim to increase the base lim
Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Google Photo App Uploads Your Images To Cloud, Even After Uninstalling

Jul 13, 2015
Have you ever seen any mobile application working in the background silently even after you have uninstalled it completely? I have seen Google Photos app doing the same. Your Android smartphone continues to upload your phone photos to Google servers without your knowledge , even if you have already uninstalled the Google Photos app from your device. Nashville Business Journal editor David Arnott found that Google Photos app uploaded all his personal photographs from the device into the service even after uninstalling it. Arnott provided a video demonstration showing that after uninstalling the Google Photos app from his Samsung smartphone, the photograph he took off his coffee mug still wound up being synced into his account on the web. "Months ago, I downloaded the [Photos] app to play with it, but I did not like it and so un-installed the app after just a few days," Arnott tweeted Wednesday. "This evening, I went back to Google Photos on my l
Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses

Verizon FiOS app vulnerability Exposes 5 MILLION Customers' Email Addresses

Jan 19, 2015
A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou
Cybersecurity Resources