Monday, December 4, 2023

40+ Apps With More Than 100 Million Downloads Exposing AWS API Keys

Cybersecurity researchers at CloudSEK have recently discovered more than 40 apps, with nearly 100 million downloads between them, that expose AWS API keys.

Amazon Web Services (AWS) is best known as a cloud computing platform serving enterprises and small businesses, and it also works with government bodies around the globe.

AWS services and APIs are very popular and are used by millions of companies worldwide. The main reason companies and organisations use them is that they simply meet their infrastructure and hosting requirements.

Companies also use these services to power their websites and mobile apps, which is why the analysts note that AWS services and APIs handle a great deal of delicate and sensitive information.

Critical Vulnerability in How App Developers Use AWS

Almost every company prefers to use APIs, since these services make developers' work easier: they help build apps that interact with many different data sources.

APIs also help a company's developers manage the data flowing from one app to another very efficiently. APIs are the key to AWS, and API-based services such as Facebook and LinkedIn are made available to all other apps out there.

These services let other apps verify their users' identities. On investigation, the security researchers found that apps use private keys, which are supposed to be kept secure.

These API keys can easily be discovered by malicious hackers, who, the analysts assert, can later use them to compromise the companies' data and networks as well.

Apart from all this, the critical vulnerability lies mainly in how the APIs are used, not in the AWS services themselves.

Over 10,000 Apps Analyzed by the Experts

The cybersecurity experts submitted nearly 10,000 apps to BeVigil for analysis, and found that more than 40 of them had hardcoded private AWS keys.

Moreover, CloudSEK has disclosed all of these security concerns to AWS and to the affected companies worldwide. Here are the apps whose keys have already been deactivated:-

How AWS Keys Work and Why They Were Hardcoded in the APK

After their investigation, the experts gave a brief summary of how AWS keys work: these keys enable programmatic access to AWS services without requiring the user to log in.

But why were these keys hardcoded in the APK? The reasons are listed below:-

Fetching static files from S3 buckets so that they can later be displayed in the mobile app.

Uploading data collected from app users to S3.

Sending emails through the AWS SES service.

Leaked AWS Keys' Effect

One of the apps, available in the Google Play Store with more than half a million downloads, has a hardcoded AWS key and confidential secrets in its "strings.xml" file.
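The following is an added example, not code from the article or from CloudSEK, showing how a defender can scan a decoded APK's strings.xml for the kind of hardcoded AWS credentials described above. The sample resource file is constructed, and the key pair in it is the placeholder pair from AWS's own documentation; the access-key prefixes (AKIA for long-term, ASIA for temporary) and the 40-character secret format are the documented formats, while the secret check is only a heuristic.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a decoded APK res/values/strings.xml. The key pair is
# the placeholder pair AWS uses in its documentation, not a live credential.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">DemoApp</string>
    <string name="s3_bucket">demo-app-uploads</string>
    <string name="aws_access_key">AKIAIOSFODNN7EXAMPLE</string>
    <string name="aws_secret_key">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>
    <string name="api_base">https://api.example.com/v1</string>
</resources>
"""

# Long-term access key IDs start with AKIA; temporary (STS) ones start with ASIA.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 characters from the base64 alphabet; this is a
# heuristic, so it is only reported alongside a matching access key ID.
SECRET_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")


def find_hardcoded_aws_keys(strings_xml: str) -> list:
    """Return one finding per <string> holding an AWS access key ID, noting
    the key type and whether a plausible secret key sits in the same file."""
    root = ET.fromstring(strings_xml)
    values = {s.get("name"): (s.text or "").strip() for s in root.iter("string")}
    secret_present = any(SECRET_RE.match(v) for v in values.values())
    findings = []
    for name, value in values.items():
        match = ACCESS_KEY_RE.search(value)
        if match:
            findings.append({
                "resource": name,
                "access_key_id": match.group(0),
                "key_type": "long-term" if match.group(1) == "AKIA" else "temporary",
                "secret_in_same_file": secret_present,
            })
    return findings


if __name__ == "__main__":
    for finding in find_hardcoded_aws_keys(SAMPLE_STRINGS_XML):
        print(finding)
```

A finding with a long-term key and a secret in the same file is the case the article describes; the remediation is to revoke that key pair in IAM and stop shipping credentials in the app.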

The leaked keys had access to various AWS services, including ACM (Certificate Manager), OpsWorks, ElasticBeanstalk, Kinesis, and S3.

After analysis, the report claims that the AWS keys had access to 88 S3 buckets. According to the cybersecurity experts, these 88 buckets contain nearly 10,073,444 files, and the exposed information totals 5.5 terabytes.

All of these buckets were deployed to host the files and data generated by the projects.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.