Pages

Research Finds Nearly 1,800 iOS Apps Leaking AWS Credentials and Harming the Supply Chain

Amazon’s main revenue generator is of course its immense ecommerce platform, but in spite of the fact that this is the case the corporate juggernaut has also created an additional source of income through Amazon Web Services. A team of analysts working at Symantec recently found that there are around 1,859 applications that possess vulnerabilities that could give malicious actors easy access to AWS credentials.

With all of that having been said and now out of the way, it is important to note that this poses a huge risk to the supply chain. 77% of these applications had valid tokens for accessing AWS servers hard coded into their backend, which is risky because of the fact that this is the sort of thing that could potentially end up allowing hackers to enter private servers if they their hands on these credentials.

The vast majority of these apps were for iOS, with only 37 being for Android phones with all things having been considered and taken into account. Businesses often store very sensitive client data, and B2B transactions that are crucial to the functioning of the global supply chain can be exposed due to them being hard coded.

Businesses working with other commercial entities often give them an SDK, or software development kit, and this SDK is what contains the cloud credentials. Malicious actors may be able to use these credentials and pose as legitimate clients, and that can disrupt the supply chain in numerous ways.

There are already a number of issues that are clogging up the supply chain, and vulnerabilities can make matters even worse than might have been the case otherwise. Supply chain issues are some of the main driving factors behind inflation, and unless something is done to patch these loopholes we might start to see even more disruptions down the line.

Many businesses forget that they have hard coded credentials, so if they were to revamp their systems they’d be able to mitigate the problem for a while. Structural change is necessary otherwise exploitation of vulnerabilities will continue for be an issue.


Read next: Cybersecurity Experts Warn Against New Email Phishing Scam Where Hackers Pose As Instagram

No comments: