Personal data of more than 100 million Android mobile phone users has been left exposed by a series of security misconfigurations of third-party cloud services in apps for this operating system.
The information exposed by these databases includes emails, chat messages, location, passwords, and photos, which, in the hands of cyber criminals, may lead to fraud, identity theft and theft of services, the cybersecurity company Check Point reports.
The cause of the problem is the application developers, who exposed their own private data and the private information of millions of users by not following good practices when configuring and integrating external cloud services into their applications.
Specifically, the information came from misconfigured real-time databases, which allow app creators to store information in the cloud so that it is synchronized in real time with all connected clients.
By examining the content of some publicly available apps, Check Point Research researchers found it was feasible to gain access to a large amount of sensitive information, including email addresses, passwords, private chats, device location, user IDs, and more.
If a cyber criminal gains access to this information, it can lead to theft of services (i.e., trying to use the same combination of username and password in other services), fraud or identity theft.
Affected applications
The applications affected by misconfigured real-time databases add up to more than 100 million downloads on Android devices, ranging between 10,000 million and 10,000 installations each.
One of the apps showing this configuration error is Astro Guru, a popular astrology, horoscope and palmistry app with over 10 million downloads, which exposed the data its users entered to receive predictions.
Through “T’Leva”, a taxi application with more than 50,000 downloads, Check Point Research was able to access chat messages between drivers and passengers and retrieve users’ full names, phone numbers, and locations (destination and search location), all with a single request to the database.
Another vulnerable app, with over 10 million downloads, is Screen Recorder, which is used to record the screen of a user’s device. The recordings are stored in a cloud service, and the keys that give access to the stored recordings are exposed.
Another example is iFax, which not only has the cloud storage access data built into the app, but also stores all fax transmissions there. With it, a cybercriminal can access every document sent by the 500,000 users who installed it.
The cybersecurity company also warned about the exposure of this type of information, which would allow users to be attacked through push notifications on their phones.
After the discovery, Check Point Research contacted both Google and the developers prior to publishing this article. In fact, some have already changed their configuration, the cybersecurity company explains.
