Over 1,800 Android and iOS apps leak AWS credentials

Published on Sep 02, 2022

A total of 1,859 apps across Android and iOS contain hard-coded Amazon Web Services (AWS) credentials, posing a major security threat.

In a report shared with The Hacker News, Symantec’s Threat Hunter team, a part of Broadcom Software, said that over three-quarters (77%) of the apps contained valid AWS access tokens.

It was found that over 50% of the apps used the same AWS tokens found in other apps maintained by other developers and companies, highlighting a serious supply chain issue.

AWS access tokens could be traced to a shared library, third-party SDK, or another shared component, the researchers reported.
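A release pipeline can check its own builds for this shared-component pattern. The Python below is an added example, not code from the Symantec report: it scans app archives (APK and IPA files are zip archives) for AWS access key ID patterns and reports key IDs that recur across apps. The archive contents and file names are constructed, and the key is the placeholder used in AWS documentation.

```python
import io
import re
import zipfile
from collections import defaultdict

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary ones) followed by 16 upper-case letters or digits.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")


def scan_archive(data: bytes) -> dict:
    """Map each key ID found in an app archive to the entries that contain it."""
    hits = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # zf.read() decompresses the entry, so bundled libraries are covered.
            for match in KEY_ID.finditer(zf.read(info)):
                hits[match.group().decode()].add(info.filename)
    return dict(hits)


def shared_keys(apps: dict) -> dict:
    """Return key IDs present in more than one app, with the apps carrying them."""
    seen = defaultdict(set)
    for name, data in apps.items():
        for key_id in scan_archive(data):
            seen[key_id].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def make_archive(files: dict) -> bytes:
    """Build a constructed in-memory archive standing in for a release build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed sample data: two apps bundle the same (hypothetical) vendor SDK.
# AKIAIOSFODNN7EXAMPLE is the AWS documentation placeholder, not a live key.
SDK_BLOB = b'\x00cfg{"accessKey":"AKIAIOSFODNN7EXAMPLE"}\x00'
APPS = {
    "app-one.apk": make_archive({"lib/arm64-v8a/libvendorsdk.so": SDK_BLOB}),
    "app-two.ipa": make_archive({"Payload/App.app/Frameworks/VendorSDK": SDK_BLOB}),
    "app-three.apk": make_archive({"assets/config.json": b'{"region":"eu-west-1"}'}),
}

if __name__ == "__main__":
    print(shared_keys(APPS))
```

A pattern match only flags a candidate for review, and keys that are encoded or split inside the binary will not match this pattern.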

Credentials are typically used for downloading resources necessary to perform the app’s functions, accessing configuration files, and authenticating to other cloud services.

To make matters worse, 47% of the identified apps contained valid AWS tokens that granted complete access to all private files and S3 buckets. Among these were infrastructure files and data backups.

Symantec discovered that an unnamed B2B company, which offered an intranet and communication platform along with a mobile software development kit (SDK) for its customers, had embedded its cloud infrastructure keys into the SDK.

The company exposed all its customers’ private information, including corporate data and financial records belonging to over 15,000 medium- to large-sized companies.

Researchers found that the hard-coded token was not limited to use with the translation cloud service; anyone with the token had access to all of the B2B company’s AWS services.

Also exposed were five iOS banking apps that used the same AI Digital Identity SDK that contained the cloud credentials, effectively leaking information about 300,000 users’ fingerprints.

The cybersecurity firm notified the organizations about the issues uncovered in their apps.

Researchers from CloudSEK revealed that 3,207 mobile apps expose Twitter API keys in the open, some of which can be used to access Twitter accounts associated with the apps.
