Hallelujah, it's raining private data 🎵
The cloud has been a revolutionary change in app development that allows just about anybody to create a new app. Unfortunately, “just about anybody” probably isn’t qualified to handle your private data.
A study by mobile security firm Zimperium (via Wired) found that tens of thousands of Android and iOS apps have misconfigurations in their cloud infrastructure that allow hackers to gain access to private data.
Here’s how those leaks work:
- For developers, using public cloud servers like Amazon Web Services, Google Cloud, or Microsoft Azure is a popular alternative to setting up their own servers.
- But if cloud permissions are not set up correctly by the developer, bad actors can get access to their cloud storage and more.
- This kind of “hacking” is nothing new for ecommerce sites, but the increasing reliance on public cloud servers for apps makes this particularly dangerous.
- Of the 1.3 million apps tested by Zimperium, nearly 20,000 were “exposing users’ personal information, passwords, and even medical information.”
- No apps are called out by name in the report, but some apparently have millions of users:
- “One of the apps in question is a mobile wallet from a Fortune 500 company that’s exposing some user session information and financial data. Another is a transportation app from a large city that’s exposing payment data. The researchers also found medical apps with test results and even users’ profile images out in the open.”
Does that mean you should be concerned? Absolutely:
- So why aren’t any apps named? Because there are so many apps exposing information that Zimperium couldn’t possibly warn them all.
- And those that they did warn often didn’t bother to respond.
- Leaving these vulnerabilities open can have other implications, since “some of the misconfigurations would allow bad actors to change or overwrite data, creating additional potential for fraud and disruption.”
- All because someone forgot to check a few boxes.
- Think about that next time you struggle to reset your microwave clock.
- (and if you’re a developer, please double check your cloud configuration)
Roundup
📱 The latest from Xiaomi sub-brand Redmi is a solid upper-budget-tier device. Redmi Note 10 Pro review: Revved up specs for a great price (Android Authority).
📳 The world’s first phone with a 165Hz AMOLED display was announced in China, although it’s not from a brand you’ll probably like (Android Authority).
♻ What do you do with your old phone when you get a new one? Apparently less than a third trade it in (Android Authority).
🔊 Sonos announced a new portable speaker called the Sonos Roam. It ships in April, but be warned: it isn’t cheap (The Verge).
💨 Good news for US consumers: Senators have called on the FCC to increase base speeds for “high speed” internet. It’s been stuck at 25Mbps down 3Mbps up since 2015 (The Verge).
🚗 And now some bad news for US drivers: US roads got more dangerous in 2020 even though we stayed at home (Ars Technica).
🍎 Apple clarified that no, you will not be able to choose a default music player in iOS 14.5. Will this take the heat off of antitrust litigation? Probably not (TechCrunch).
❌ Valve has ceased development on its Dota card game Artifact. You can still play it for free with no microtransactions, if that’s your thing. Surely this will free up plenty of resources for Half Life 3, right? (Ars Technica).
😈 Matthew Cederquist, Game Producer for Diablo II: Resurrected, confirmed that players will be able to import 20-year-old game saves from the original title. How’s that for backwards compatibility? (IGN Middle East)
🍫 “How would you be expelled from Willy Wonka’s chocolate factory?” So many OSHA violations (r/askreddit).
Friday Fun
This week’s Friday Fun is a bit of a blast from the internet past. In certain circles of YouTube, removing music from music videos was all the rage back in 2014/2015. Mario Wienerroither was an early pioneer, with hugely popular videos like a musicless version of Elvis Presley performing Blue Suede Shoes.
Other channels like Without Music (watch their Greased Lightning video, it’s great) have continued the trend well into 2021.
Check them out but be careful not to fall too deep down the rabbit hole.
Until next time,
Nick Fernandez, Editor