Flawed development practices in Android and iOS apps could allow attackers to access private Amazon Web Services (AWS) credentials, researchers say.
Android and iOS apps were found to contain hardcoded AWS credentials, a flaw that malicious actors could use to penetrate private databases, resulting in personal data loss and data breaches.
Researchers at Broadcom Software identified 1,859 publicly available apps with hardcoded AWS credentials. The vast majority of the apps, 98%, were iOS apps.
According to the recently published report, over three-quarters of apps had valid AWS access tokens that allow access to private AWS networks. Half of the apps with valid tokens gave full access to countless personal files via the Amazon Simple Storage Service
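
One way a development team could check a release build for this flaw before publishing, as an added example that is not taken from the Broadcom report: it scans an APK or IPA (both are ZIP archives) for AWS access key ID patterns and reports them redacted. The function names and the sample archive are constructed for illustration, and the key pair is the placeholder from AWS's own documentation.

```python
import io
import re
import zipfile

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term
# keys, ASIA for temporary ones) followed by 16 uppercase letters or digits.
KEY_ID = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-style characters; only checked near a key ID.
SECRET = re.compile(rb"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
WINDOW = 200  # bytes either side of a key ID to search for a secret


def scan_app_archive(archive):
    """Return one finding per AWS key ID inside an APK/IPA (both are ZIPs)."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            for m in KEY_ID.finditer(data):
                key_id = m.group(0).decode("ascii")
                nearby = data[max(0, m.start() - WINDOW): m.end() + WINDOW]
                findings.append({
                    "file": info.filename,
                    # Redact so the report itself does not leak the key.
                    "key_id": key_id[:4] + "*" * 12 + key_id[-4:],
                    "temporary": key_id.startswith("ASIA"),
                    "secret_nearby": bool(SECRET.search(nearby)),
                })
    return findings


def build_sample_ipa():
    """Constructed sample: a tiny IPA-like ZIP with AWS's documentation key."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist", "<plist><dict/></plist>")
        zf.writestr(
            "Payload/Demo.app/config.json",
            '{"accessKey": "AKIAIOSFODNN7EXAMPLE", '
            '"secretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}',
        )
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(scan_app_archive(build_sample_ipa()))
```

A pattern match only shows that a key is embedded in the package; any key found this way should be rotated and removed from the app rather than treated as safe because it looks unused.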