Phantom Technology Solutions Blog

Phantom Technology Solutions has been serving the Indiana area since 2010, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Basic Errors Have Made Hundreds of Applications a Risk to Data

Basic Errors Have Made Hundreds of Applications a Risk to Data

Earlier this year, it became known that almost 2,000 mobile applications suffered from some type of security threat, thus putting a lot of sensitive data on the line. Let’s examine how you can ensure that your business doesn’t suffer from mobile app security issues.

Access Permissions Are the Major Culprit

Apps are not fully hosted on your device the way a desktop application might be on your computer. Rather, they are hosted in the cloud, and the app itself is more of a hard-coded shortcut that allows you access to the data or service provided by the application.

At least, that’s just how it should work in theory. According to Broadcom’s Symantec Threat Hunter, this type of single-purpose login process allows hackers to access all of the files that a cloud service contains, including company data, backups of databases, and system controls.

The scariest part is that multiple apps use the same publicly available software development kits, or SDKs, and many apps are built by the same company, allowing these login credentials to be used for multiple different types of applications and services found on the same infrastructure.

So, if a hacker were to gain access to one of the access tokens used by a company, they could potentially gain access to all of the applications which that access token provides access to.

Research conducted on Android and iOS platforms found around 2,000 applications that had their credentials hard-coded to Amazon Web Services (around three-quarters of those granting access to private cloud providers, and half of those granting access to private files), half of which also contained access tokens for unrelated applications.

What Can You Do to Protect Your Business?

Naturally, you don’t want someone to be able to access your company’s private data or the data you’ve collected from clients, employees, or other interested parties. Naturally, you should have some level of control over who within your organization can access what data.

Let’s look at it this way; the human resources department at your business might need access to employee information, but nobody else should be able to access that data. The same can be said for other data, too, according to the employee’s role within the company. The fewer people who have access to data, the less likely you are to expose said data to a security breach.

So, long story short, to keep your data safe from these types of mobile application exploits, control who can and cannot access specific data.

To learn more about how you can protect your business, call Phantom Technology Solutions at (800) 338-4474.

USB Drives Carry a Lot of Business Risk in a Tiny ...
Declining PC Shipments Suggest New Business Comput...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, December 22, 2024

Captcha Image

Latest Blog

Physical security is just as important as cybersecurity, and digital security cameras are a great tool to help maintain spaces. Whether you have an office, a retail space, a warehouse, or any other property, a security camera can help you k...

Contact Us

Learn more about what Phantom Technology Solutions
can do for your business.

Phantom Technology Solutions
5097 N 600 E
Rolling Prairie, Indiana 46371

FAX: 574-968-1790

Account Login