1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials

Pierluigi Paganini September 01, 2022

Researchers from Broadcom Symantec's Threat Hunter team discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials that allowed access to private cloud services.

The experts pointed out that almost all of the apps containing hard-coded AWS credentials were iOS apps (98%), a trend the researchers have been tracking for years.

Over three-quarters (77%) of the apps contained valid AWS access tokens, and close to half of those (47%) also granted full access to private files, often millions of them, stored in Amazon S3 buckets.

“Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services.” reads the report published by Broadcom Symantec. “Close to half (47%) of those apps contained valid AWS tokens that also gave full access to numerous, often millions, of private files via the Amazon Simple Storage Service (Amazon S3)”

The majority of the apps (53%) used AWS access tokens that also appeared in other apps built by the same team or company. This points to a supply chain problem: the tokens are typically leaked through a shared library, a third-party SDK, or another component reused across the development teams' apps, so one exposed secret affects every app that embeds it.

Development teams hard-code access keys for several reasons: downloading or uploading assets the app needs (large media files, recordings, or images), fetching the app's configuration files, registering the device and storing collected device information in the cloud, and authenticating to other cloud services. In some cases there is no specific reason for the keys to be present; in others they are leftover test code that was never removed.
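Checking an app for this problem, and for the shared-key pattern that points at a common SDK, is mechanical enough to script. The following Python is an added example, not tooling from Symantec or from the report: it scans the files of unpacked app bundles for AWS access key IDs, looks for a high-entropy 40-character secret nearby, and groups hits by key ID across apps so a key shared through a vendor library stands out. The bundle contents, app names and file paths are constructed for the example, and the keys are the placeholder values AWS uses in its own documentation, not live credentials.

```python
"""Scan unpacked mobile app bundles for hard-coded AWS credentials.

Added example, not code from the Symantec report. Models two checks the
report's findings call for: find access key IDs plus an adjacent secret in
any file of an extracted IPA/APK, and flag key IDs reused across apps.
"""
from __future__ import annotations

import json
import math
import re
from collections import defaultdict

# Long-term access key IDs start with AKIA, temporary ones with ASIA; both are
# 20 characters: the 4-char prefix plus 16 upper-case alphanumerics.
AKID_RE = re.compile(rb"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# Secret access keys are 40 characters of [A-Za-z0-9/+]; require a non-key
# character on both sides so a longer base64 blob is not sliced into a "secret".
SECRET_RE = re.compile(rb"(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])")
MIN_SECRET_ENTROPY = 3.5   # bits/byte; real secrets sit well above, words and padding below
SECRET_WINDOW = 256        # bytes around the key ID in which a paired secret usually sits


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts: dict[int, int] = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_credentials(blob: bytes) -> list[tuple[str, str | None]]:
    """Return (access_key_id, secret_or_None) pairs found in one file's bytes."""
    hits = []
    for m in AKID_RE.finditer(blob):
        lo = max(0, m.start() - SECRET_WINDOW)
        hi = min(len(blob), m.end() + SECRET_WINDOW)
        secret = None
        for s in SECRET_RE.finditer(blob, lo, hi):
            candidate = s.group(1)
            if shannon_entropy(candidate) >= MIN_SECRET_ENTROPY:
                secret = candidate.decode("ascii")
                break
        hits.append((m.group(1).decode("ascii"), secret))
    return hits


def scan_apps(apps: dict[str, dict[str, bytes]]) -> dict[str, list[dict]]:
    """`apps` maps app id -> {relative file path: file bytes}; returns findings per app."""
    report: dict[str, list[dict]] = {}
    for app, files in apps.items():
        findings = []
        for path, blob in files.items():
            for akid, secret in find_credentials(blob):
                findings.append({"file": path, "access_key_id": akid,
                                 "secret_found": secret is not None})
        report[app] = findings
    return report


def shared_keys(report: dict[str, list[dict]]) -> dict[str, set[str]]:
    """Key IDs present in more than one app: the supply-chain signal from the report."""
    apps_by_key: dict[str, set[str]] = defaultdict(set)
    for app, findings in report.items():
        for f in findings:
            apps_by_key[f["access_key_id"]].add(app)
    return {k: v for k, v in apps_by_key.items() if len(v) > 1}


# Constructed sample bundles (not real apps). Two apps embed the same vendor
# SDK key; one has its own key; one is clean.
SAMPLE_APPS = {
    "com.example.shop": {
        "Payload/Shop.app/aws.json":
            b'{"aws_access_key_id":"AKIAIOSFODNN7EXAMPLE",'
            b'"aws_secret_access_key":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",'
            b'"bucket":"shop-assets"}',
    },
    "com.example.bank": {
        # same SDK compiled into a native library: strings are NUL-separated
        "lib/arm64-v8a/libvendorsdk.so":
            b"\x7fELF\x00\x00\x00AKIAIOSFODNN7EXAMPLE\x00"
            b"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\x00s3.amazonaws.com\x00",
    },
    "com.example.game": {
        "assets/config.properties":
            b"aws.accessKeyId=AKIAI44QH8DHBEXAMPLE\n"
            b"aws.secretKey=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY\n",
    },
    "com.example.clean": {
        "res/values/strings.xml": b"<string name='api'>https://api.example.com</string>",
    },
}

if __name__ == "__main__":
    found = scan_apps(SAMPLE_APPS)
    print(json.dumps(found, indent=2))
    print("shared across apps:", {k: sorted(v) for k, v in shared_keys(found).items()})
```

Pattern hits are only candidates. The report's "valid token" figure implies a confirmation step: running `aws sts get-caller-identity` with a candidate pair tells you whether the key still works and which account it belongs to, and `aws s3 ls` with the same pair shows what the 47% finding looks like in practice. Do that only against credentials you are authorized to test.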

The researchers also described several case studies. One involved an unnamed B2B company offering an intranet and communication platform that also provides a mobile software development kit (SDK) to its customers. The SDK embedded the company's cloud infrastructure keys, which were used to reach its translation service.

As a result, the files the company used on its intranet platform, which serves over 15,000 medium-to-large companies, were exposed, along with customers' corporate data, financial records, and employees' private data.

The experts also found several popular iOS banking apps using the same third-party AI digital identity SDK, which embedded the same cloud credentials and put the entire infrastructure at risk.

As in the other cases, these credentials were used to download the resources the app needs, fetch configuration files, and authenticate to other cloud services.

“The credentials could expose private authentication data and keys belonging to every banking and financial app using the SDK. Furthermore, users’ biometric digital fingerprints used for authentication, along with users’ personal data (names, dates of birth, etc.), were exposed in the cloud.” continues the report. “In addition, the access key exposed the infrastructure server and blueprints, including the API source code and AI models, used for the whole operation. In total, over 300,000 biometric digital fingerprints were leaked across five mobile banking apps using the SDK.”

The experts also described an online gaming company that depends on another vendor for its technology platform.

In total, 16 online gambling apps using the vulnerable library exposed the vendor's full infrastructure and every AWS service in the account; the embedded credentials amounted to full read/write root-account access for anyone who extracted them.

Symantec notified all of the organizations behind the vulnerable apps.
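None of the use cases in the report (fetching assets and configuration, uploading device data) requires a key in the app at all. The following Python is an added example, not code from the report or from any SDK it describes: a backend endpoint that authorizes the request itself and hands the app a short-lived, single-object presigned S3 URL, signed with AWS Signature Version 4 using only the standard library. The bucket name, region, per-user key layout and five-minute expiry are assumptions for the example, and the credentials are AWS's documentation placeholders, not live keys.

```python
"""Backend-issued, short-lived S3 download URLs in place of keys shipped in the app.

Added example, not code from the report or from any vendor SDK it describes.
The query-string signing follows AWS Signature Version 4 as documented; the
bucket, region, per-user prefix rule and credentials are assumed for
illustration, and the credentials are AWS's documentation placeholders.
"""
from __future__ import annotations

import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote

BUCKET = "my-app-assets"          # assumed bucket name
REGION = "us-east-1"              # assumed region
SERVICE = "s3"
# These stay on the backend (better still, come from an instance or task role).
# The report's finding is that apps shipped values like these to every device.
SERVER_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SERVER_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
URL_TTL_SECONDS = 300             # five minutes is plenty for a download to start
FIXED_NOW = datetime(2022, 9, 1, 12, 0, 0, tzinfo=timezone.utc)  # reproducible runs


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str, service: str) -> bytes:
    """SigV4 key derivation: kSecret -> kDate -> kRegion -> kService -> kSigning."""
    k = _hmac_sha256(("AWS4" + secret).encode("utf-8"), date)
    k = _hmac_sha256(k, region)
    k = _hmac_sha256(k, service)
    return _hmac_sha256(k, "aws4_request")


def presign_get(object_key: str, expires: int, now: datetime | None = None,
                access_key_id: str = SERVER_ACCESS_KEY_ID,
                secret: str = SERVER_SECRET_KEY) -> str:
    """SigV4 presigned GET URL for s3://BUCKET/object_key, valid for `expires` seconds.

    `now` must be timezone-aware; it defaults to the current UTC time.
    """
    if not 1 <= expires <= 7 * 24 * 3600:   # S3 rejects presigned URLs longer than 7 days
        raise ValueError("expires must be between 1 second and 7 days")
    if now is None:
        now = datetime.now(timezone.utc)
    now = now.astimezone(timezone.utc)
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    canonical_uri = "/" + quote(object_key, safe="/")   # encode each segment, keep '/'
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key_id}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    canonical_query = "&".join(
        f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))
    canonical_request = "\n".join([
        "GET",
        canonical_uri,
        canonical_query,
        f"host:{host}\n",        # canonical headers block, each line newline-terminated
        "host",                  # signed headers
        "UNSIGNED-PAYLOAD",      # presigned URLs do not commit to a body hash
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret, date, REGION, SERVICE),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def is_allowed(user_id: int, object_key: str) -> bool:
    """Server-side authorization rule (assumed layout): a user reads only under users/<id>/."""
    return object_key.startswith(f"users/{user_id}/")


def issue_download_url(user_id: int, object_key: str, now: datetime | None = None) -> str:
    """What the mobile client calls after login, instead of calling S3 with an embedded key."""
    if not is_allowed(user_id, object_key):
        raise PermissionError(f"user {user_id} may not read {object_key}")
    return presign_get(object_key, URL_TTL_SECONDS, now)


if __name__ == "__main__":
    print(issue_download_url(42, "users/42/avatar.png", FIXED_NOW))
```

The app never sees SERVER_SECRET_KEY: it receives a URL that works for one object for five minutes, so anything extracted from the binary is worthless by the time it is used. The same split applies to uploads (a presigned PUT) and to richer access (STS temporary credentials scoped by a session policy); the principle is that a credential leaves the server only in a form bounded in scope and time.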

