Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret.
The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming Interfaces (APIs), and even payment processors. The researchers noted how: “The average app’s code exposes 5.2 secrets, and 71% of apps leak at least one secret.” Secrets hard-coded in the source code of the apps are considered exposed because they are relatively easy to find and abuse by cybercriminals.
Read more…
Source: Malwarebytes Labs
Related:
- Hacked GPS tracker reveals location data of customers
August 19, 2024
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a ...
- ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
August 13, 2024
This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws ...
- Zimbabwe: Disclosure of cyber attacks must be mandatory to protect clients
August 9, 2024
In the wake of the recent high-profile cyber attack on one of the country’s largest financial institutions, it has become clear that stronger regulations are needed to ensure financial firms disclose when their systems have been breached. The hack resulted in the theft and public leaking of sensitive customer and operational data, putting thousands of Zimbabweans ...
- How “professional” ransomware variants boost cybercrime groups
August 1, 2024
Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set ...
- Stolen test data and NHS numbers published by Qilin hackers
June 21, 2024
A gang of cyber criminals causing huge disruption to multiple London hospitals has published sensitive patient data stolen from an NHS blood testing company. Overnight on Thursday, Qilin shared almost 400GB of the private information on their darknet site. The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm ...
- Police Service Northern Ireland had 260 data breaches in two years, with only a fraction reported or disclosed
June 12, 2024
Figures released under a Freedom of Information request have shown the PSNI had 260 data breaches over two years — but only a fraction of them were reported to external authorities, and even fewer were publicly disclosed. In one case, a data breach was not reported for almost eight years. In 2022, there were 154 breaches, ...