Technology
Bugs found in backend systems of top 5,000 free Android apps
New York, Aug 13
Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.
While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.
The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.
The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information - and perhaps into users' mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.
"These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack," said Brendan Saltaformaggio, Assistant Professor in Georgia Tech's School of Electrical and Computer Engineering.
The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.
"It's a whole new question whether or not they can jump from the server to a user's device, but our preliminary research on that is very concerning," Saltaformaggio added.
In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers - operating systems, software services, communications modules and web apps - of the Cloud-based systems supporting the apps.
To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems.
SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers.
While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.
The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.
The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information - and perhaps into users' mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.
"These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack," said Brendan Saltaformaggio, Assistant Professor in Georgia Tech's School of Electrical and Computer Engineering.
The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.
"It's a whole new question whether or not they can jump from the server to a user's device, but our preliminary research on that is very concerning," Saltaformaggio added.
In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers - operating systems, software services, communications modules and web apps - of the Cloud-based systems supporting the apps.
To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems.
SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers.
5 minutes ago
'Made in India' chips will run devices globally: PM Modi highlights India's manufacturing ambition at New York community event
2 hours ago
PM Modi in New York talks about 'Pushp' as way forward
2 hours ago
We are putting in all possible efforts to host the 2036 Olympics": PM Modi in New York
2 hours ago
PM Modi praises President Biden's hospitality: "His warmth touched my heart"
2 hours ago
India to open two new consulates in Boston & Los Angeles: PM Modi
3 hours ago
America-India is the AI power of the new world: PM Modi
3 hours ago
Have always understood capabilites of Indian diaspora...I call you Rashtradoot: PM Modi in New York
3 hours ago
India's 'Namaste' has become multinational, "local se global ho gaya": PM Modi tells diaspora in New York
4 hours ago
PM Modi given thunderous welcome at Nassau Coliseum, to address Indian diaspora in US shortly
7 hours ago
Security heightened for PM Modi’s New York rally
7 hours ago
NRIs recall PM Modi's early US visits: Visionary leadership and tech enthusiasm
9 hours ago
Thousands travel from across US to attend PM Modi's diaspora event in Uniondale
11 hours ago
PM Modi arrives in New York to attend UN Summit of the Future