The Connection, Inc Blog

The Connection, Inc has been serving the New Jersey area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Hundreds of Applications Could Potentially Expose Data Through Basic Errors

Hundreds of Applications Could Potentially Expose Data Through Basic Errors

At the beginning of September, it was revealed that a relatively simple issue existed in nearly 2,000 mobile applications that potentially exposed some (read: a lot of) sensitive data. Let’s take a brief, basic look at the situation to see if there are any lessons that can apply to your business.

Trust us, there will be.

In Essence, the Issue is One of Access Permissions

Let’s go over how these apps generally work.

Naturally, the apps that you use on your phone aren’t fully hosted on your device. Instead, they are commonly hosted in cloud services. In theory, the application you install effectively just contains hardcoded access credentials that allow you to access the data or the service that application provides.

Notice that we said, in theory. Research conducted by Broadcom’s Symantec Threat Hunter team revealed that these purportedly single-purpose logins were able to access all of the files that a cloud service contained—including company data, backups of databases, and system controls.

Worse, if multiple apps included the same publicly available software development kits (SDKs) or were created by a single company, these login credentials could potentially grant access to numerous applications, exposing the infrastructure and user data of each.

So, let’s say that an attacker happened to obtain these access tokens. With the situation being the way it is, that would give the attacker access to all of the applications—and more critically, the user data these applications contain—that the access tokens granted access to.

Between the Android and iOS platforms, researchers found almost 2,000 applications that had their credentials hard-coded to Amazon Web Services—three-quarters of those granting access to private cloud services (and half of those granting access to private files), with about half containing access tokens found in completely unrelated applications.

So, What Does This Have to Do With Your Business?

Let me ask you something: who in your business could potentially access your payroll information, your employees’ private information, or all the financial data you’ve collected from your clientele and workforce alike?

This idea that certain information is accessible by those who shouldn’t have access to it is the crux of the issue. You need to ensure that your data and files are only accessible to those who need them for their work responsibilities. This is known as the principle of least privilege—basically, all access and information are distributed on a need-to-know basis, based on the responsibilities of the individual users.

In short, much like these applications should have been doing, you need to ensure that access to this data is locked down. We can help.

Give us a call at (732) 291-5938 to learn more about how we can help you.

Tags:
Data Current Events Mobile Device
3 Questions You Need to Ask Your IT Service Provid...
Almost 20% of Enterprise Windows Servers Lack Endp...

About the author

George Gremminger

George Gremminger

George's career in high technology systems began in 1985 at ESS in Atlantic Highlands, NJ, where he spent two years doing voice & data cabling, phone system installation, and service & maintenance. He then spent four years with Atlantic Telecom Services in Leonardo, NJ running their service and installation department, honing his skills in fiber optic lines, cabling, and phone systems.

In 1992, George drew on his years of experience and established The Connection, Inc.

As Owner, President and Senior Systems Engineer, George oversees all operations on a day-to-day basis. You might find him out in the field troubleshooting a telephone system, on a lift 30 feet in the air hanging fiber optic cable, or in the office helping with hardware or software issues. George is certified in a wide range of technologies and systems, including Microsoft, Sonic Wall, Mitel and Samsung.

George is a dedicated hands-on manager, ensuring every aspect of The Connection, Inc.’s operation runs smoothly. Whether it's 3 AM, or a Saturday afternoon, George is dedicated to helping their customers get connected and Stay Connected! His dedication to the community is clear, as he is a long-time volunteer member and President of the Leonardo First Aid Squad and a long-time volunteer member of the Community Fire Company of Middletown Township.

You can reach George at or 732-291-5938 ext. 500.

Author's recent posts

More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, 22 November 2024

Captcha Image

Posts by Topic

Tag Cloud

Blog Archive

2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014

Mobile? Grab this Article

QR Code

Free Consultation

team work

Interested in seeing what we can do for your business? Contact us to see how we can help you!

Sign Up Today!

News & Updates

The Connection, Inc Celebrates 32 Years as a Trusted Technology Provider!
The Connection, Inc. Celebrates 32 Years as a Trusted Technology Provider!   Since our founding in 1992, technology and the way we operate and do business has changed a lot. Companies that have adapted and aligned themselves with ...
Read More

Contact us

Learn more about what The Connection, Inc can do for your business.

The Connection, Inc
51 Village CT
Hazlet, New Jersey 07730

Copyright The Connection, Inc. All Rights Reserved. | Privacy Policy