A mobile security company has analyzed over a million apps on iOS and Android. According to her, more than 20,000 applications use a server in the cloud whose configuration is not protected. As a result, any hacker can access the data to recover it or even erase it altogether.

For several years, data leaks have made the headlines and, recently, hackers have put up for sale on the Dark Web the medical data of 500,000 French people. But more often than not, hackers do not necessarily need to employ sophisticated means to achieve this. This is what the mobile security company reveals Zimperium.

This company analyzed 1.3 millionapplications iOS and Android, and its verdict is final: many publishers do not protect your personal data! As written Wired, it’s like going on vacation leaving a window opened. Clearly, hackers just have to open the eyes, spot a flaw and help yourself …

In question, storage in the Cloud. Of the million applications studied, more than 130,000 store data on public cloud services such as Amazon Web Services, Google Cloud or Microsoft Azure. Among them, nearly 20,000 have misconfigured their server, and they expose personal information, such as e-mail addresses, Passwords and even medical information.

Phone number, password, photos …

It’s a worrying trend, notes Shridhar Mittal, CEO of Zimperium. Many of these apps have cloud storage that was not configured properly by the developer or anyone who had access to the configuration and because of that the data is visible to just about everyone. And most of us currently have some of these apps.

Most worrying is that these are very popular applications, and Zimperium site is an example of an application that acts as a wallet. digital, and which exposes banking and financial data. Another app does not protect medical test results while a major city transportation app exposes payment data. An application of social network also allows access to photos and displays the user’s phone number …

What if medical tests were erased?

There are plenty of examples, and Zimperium was surprised to find that developers and publishers were ultimately unresponsive when warned of the leaks. This is dangerous because if this security company has managed to expose these data leaks, any hacker is perfectly capable of it.

More than personal data, a hacker might even gain access to server configuration files and thus take control of the architecture of the server and even of the network as a whole. Zimperium also mentions the possibility, quite frightening, of modifying or even erasing all the data. What in the context of medical data would be catastrophic. All without the users being obviously aware of the danger involved.

Interested in what you just read?