Researchers found that most of the apps available on Apple’s App Store leak at least one hard-coded secret.
The researchers looked at 156,000 iOS apps and discovered more than 815,000 hardcoded secrets, including very sensitive secrets like keys to cloud storage, various Application Programming Interfaces (APIs), and even payment processors. The researchers noted how: “The average app’s code exposes 5.2 secrets, and 71% of apps leak at least one secret.” Secrets hard-coded in the source code of the apps are considered exposed because they are relatively easy to find and abuse by cybercriminals.
Read more…
Source: Malwarebytes Labs
Related:
- pcTattleTale spyware leaks database containing victim screenshots, gets website defaced
May 28, 2024
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device. What goes around ...
- FBI Leak Exposes Alleged Order for Warrantless Spying on Americans by Agency Personnel
May 9, 2024
There is a new leak from the Federal Bureau of Investigation (FBI) centering on an official who allegedly sent out an email that asks for warrantless spying on Americans, urging employees to find ways to do so. It was allegedly sent to FBI employees last April 20 by FBI Deputy Director Paul Abbate, telling employees to ...
- Australia: Cybercrime detectives arrest man following alleged 1 million NSW clubs customer records data breach
May 2, 2024
A Sydney man has been arrested by police over an alleged data breach of personal information of members and patrons from at least 17 licensed clubs in New South Wales and the ACT. An unauthorised website claimed to have published online the personal details of many customers, with a threat to publish those of more than ...
- Almost every Chinese keyboard app has a security flaw that reveals what users type
April 24, 2024
Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state ...
- AT&T data breach: Millions of customers’ data found on dark web
March 30, 2024
AT&T announced on Saturday it is investigating a data breach involving the personal information of more than 70 million current and former customers leaked on the dark web. According to information about the breach on the company’s website, 7.6 million current account holders and 65.4 million former account holders have been impacted. An AT&T press release ...
- High Court order will deliver ‘swift management’ of compensation claims by those affected by PSNI data breach
March 24, 2024
Claims by officers and civilian staff following a major PSNI data breach will be managed in a “swift” manner following a High Court order being granted, it has been suggested. Following the granting of a Group Litigation Order (GLO), thousands of claims by those impacted by last year’s data breach can now be dealt with, the ...