Cyber security researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store. Georgia Institute of Technology and The Ohio State University researchers studied applications in the Google Play Store for the study. However, it is likely that iOS applications may share the same back-end systems.
The report found vulnerabilities in the back end systems that feed content and advertising to smartphone applications. These security bugs could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices.
The study clarifies that the affected apps are spread across multiple categories. Researchers will present their findings at the 2019 USENIX Security Symposium. Brendan Saltaformaggio, Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering issued a statement. Saltaformaggio revealed, “These vulnerabilities affect the servers that are in the cloud”. He went on to add, “And once an attacker gets on the server, there are many ways they can attack.”
Preventions
|
To prevent such serious security holes, it is important to ensure that all the software services are running on the latest software version |
System managers or administrators should also ensure that they have updated the devices with the latest patches, and bug fixes |
Researchers want to see if attackers can get into individual mobile devices that are connected to vulnerable servers. They have discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities. These issues spanning across the software layers of the servers including operating systems, software services, communications modules, and web apps.
Another way to prevent such serious security holes is to ensure that all the software services are running on the latest software version. System managers or administrators should also ensure that they have updated the devices with the latest patches, and bug fixes.
—Zee Media Newsroom