
40+ Apps With More Than 100 Million Downloads Exposing AWS API Keys

Cybersecurity researchers from CloudSEK have discovered more than 40 apps, with nearly 100 million downloads between them, that expose AWS API keys.

Amazon Web Services (AWS) is best known for its cloud computing platform, which serves enterprises and small businesses as well as government bodies around the globe.

AWS services and APIs are very popular and are used by millions of companies worldwide. Companies use them mainly to meet their infrastructure and hosting requirements.

Companies also use these services to power their websites and mobile apps. That is why, the analysts note, AWS and its APIs handle a great deal of delicate and sensitive information.

Critical Vulnerability in How App Developers Use AWS

Almost every company prefers to use APIs, as they make developers' work easier. They help developers build apps that interact with many different data sources.

APIs also let a company's developers manage the data flowing from one app to another very efficiently. APIs are the key to AWS, and API-based platforms such as Facebook and LinkedIn likewise make their services available to other apps.

These APIs help other apps verify their users' identities, and during their research the security researchers found that apps authenticate to them with private keys that must be kept secure.

Such API keys can be discovered easily by malicious hackers, and the analysts assert that the hackers can then use them to compromise the companies' data and networks as well.

Apart from all this, the critical vulnerability lies in how the apps use the APIs, not in the AWS services themselves.

Over 10,000 Apps are Analyzed by The Experts

The cybersecurity experts submitted nearly 10,000 apps to BeVigil for analysis, and found that more than 40 of them have hardcoded private AWS keys.

Moreover, CloudSEK has disclosed all the security concerns to AWS and to the affected companies worldwide. Here are the apps whose keys have already been deactivated:-

How AWS keys work and why these keys were hardcoded in the APK?

After their investigation, the experts gave a brief summary of how AWS keys work: these keys enable programmatic access to AWS services without requiring the user to log in.

But why were these keys hardcoded in the APKs? The reasons are listed below:-

Fetching static files from S3 buckets so that they can later be displayed in the mobile app.

Uploading data collected from app users to S3.

Sending emails through the AWS SES service.

Leaked AWS Keys’ Effect

One affected app, available in the Google Play Store with more than half a million downloads, has a hardcoded AWS key and confidential secrets in its “strings.xml” file.
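As an added illustration (not part of CloudSEK's research or the original article), the following scanner shows how a defender can check a decoded APK's strings.xml for hardcoded AWS credentials of the kind described above. The sample strings.xml is constructed, and the key values in it are AWS's own documentation placeholders, not live credentials.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a decoded APK's res/values/strings.xml (not from any real app).
# The key values are the placeholders used in AWS documentation, not live credentials.
SAMPLE_STRINGS_XML = """<resources>
    <string name="app_name">DemoApp</string>
    <string name="aws_access_key">AKIAIOSFODNN7EXAMPLE</string>
    <string name="aws_secret_key">wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</string>
    <string name="s3_bucket">demo-app-uploads</string>
    <string name="support_email">support@example.com</string>
</resources>
"""

# AWS long-term access key IDs are 20 characters long and start with "AKIA".
ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Secret access keys are 40 characters from the base64 alphabet. On their own they look
# like any other token, so they are only flagged when the resource name hints at a secret.
SECRET_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")
SECRET_NAME_HINT = re.compile(r"secret|aws", re.IGNORECASE)


def scan_strings_xml(xml_text):
    """Return a list of (resource_name, kind) findings for hardcoded AWS credentials."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter("string"):
        name = elem.get("name", "")
        value = (elem.text or "").strip()
        if ACCESS_KEY_RE.search(value):
            findings.append((name, "aws_access_key_id"))
        elif SECRET_RE.match(value) and SECRET_NAME_HINT.search(name):
            findings.append((name, "aws_secret_access_key"))
    return findings


def has_usable_key_pair(findings):
    """True when both halves of a credential are present, i.e. the key is directly usable."""
    kinds = {kind for _, kind in findings}
    return {"aws_access_key_id", "aws_secret_access_key"} <= kinds


if __name__ == "__main__":
    found = scan_strings_xml(SAMPLE_STRINGS_XML)
    for name, kind in found:
        print(f"{kind}: resource '{name}'")
    print("usable key pair present:", has_usable_key_pair(found))
```

Run it against the `res/values/strings.xml` produced by decoding an APK (for example with apktool); any finding should be treated as a key to rotate, not merely a string to delete.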

The leaked keys have access to various AWS services, including ACM (Certificate Manager), OpsWorks, ElasticBeanstalk, Kinesis and S3.

According to the analysis in the report, the AWS keys have access to 88 S3 buckets. The cybersecurity experts say these 88 buckets contain nearly 10,073,444 files, and the exposed information totals 5.5 Terabytes.

All of these buckets were deployed to host files and data generated by the companies' projects.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
