More than 1,800 mobile applications have hardcoded AWS credentials, according to Symantec, which has issued a warning about the potential dangers of lax security measures.
While the threat hunting team at Symantec has examined both iOS and Android apps, almost majority of the programs with hardcoded credentials were created for iOS. Upon additional inspection, it was discovered that 77% of the apps had working AWS access tokens for private cloud services, and that nearly half of them had credentials for full file access. The study draws attention to a supply chain problem that could have detrimental effects.
More than half of the mobile applications shared AWS access tokens with other apps, frequently developed by different organizations and developers.
For more such updates follow us on Google News ITsecuritywire News