Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store. Researchers from the Georgia Institute of Technology and The Ohio State University examined applications in the Google Play Store for the study. However, it is likely that iOS applications share the same back-end systems. The report found vulnerabilities in the back-end systems that feed content and advertising to smartphone applications.
These security bugs could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices. The study clarifies that the affected apps are spread across multiple categories. Researchers will present their findings at the 2019 USENIX Security Symposium. Brendan Saltaformaggio, Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering, issued a statement. Saltaformaggio revealed, “These vulnerabilities affect the servers that are in the cloud.” He went on to add, “And once an attacker gets on the server, there are many ways they can attack.”
The researchers were still investigating the matter. They want to see if attackers can get into individual mobile devices that are connected to vulnerable servers. “It’s a whole new question whether or not they can jump from the server to a user’s device,” Saltaformaggio continued. “But our preliminary research on that is very concerning.” Researchers have discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities. These issues span the software layers of the servers, including operating systems, software services, communications modules, and web apps.
Potential ways to fix these security bugs
To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker. This system will vet the cloud servers and software library systems. SkyWalker can examine the security of the servers supporting mobile applications. Cloud hosting services often operate these servers instead of individual app developers. Another way to prevent such serious security holes is to ensure that all the software services are running on the latest software version. System managers or administrators should also ensure that they have updated the devices with the latest patches and bug fixes.
With inputs from IANS