This is the Shared Security Weekly Blaze for July 2nd, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!
Show Transcript
This is your Shared Security Weekly Blaze for July 9th 2018 with your host, Tom Eston. In this week’s episode: Mobile app data leaks, the California privacy act, and third-party Gmail access.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
Researchers from a mobile security company called Appthority have released concerning details about their research into Android and Apple iOS apps that use a cloud-based backend database called Firebase. Firebase was acquired by Google in 2014. Appthority reviewed more than 2.7 million mobile apps and discovered that around two-thousand of these apps had unsecured Firebase databases. These databases were found to be wide-open allowing anyone to view around 2.6 million user names and plain text passwords, 25 million GPS location records, 50 thousand financial transactions and approximately 4.5 million user tokens for social media sites. In addition, over 4 million PHI (Protected Health Information) records were found containing prescription and private chat records. To add more insult to injury, all that was needed to access these unsecured databases was to append a simple “/.json” to the end of a database host name. The good news is that Appthority reached out to Google to alert them of the issue and Google was able to contact app developers to fix the issue.
Ironically, in our last episode of the podcast, we discussed the Exactis data leak which exposed 340 million records due to developers not properly securing ElasticSearch databases. Data leaks due to developers not properly securing and configuring databases seems to have reached epidemic proportions. The unfortunate side effect of data leaks like these is that if your data happened to be exposed, you may never know about it. Of course, unless your data happens to show up on list of compromised databases like Troy Hunt’s “Have I been Pwnd” service, it’s very hard to know if criminals have accessed or used data from all these recent data leaks. Until developers and database software takes a “security by default” approach and companies are held more accountable for securing our private information, data leaks like the
Published on 7 years, 5 months ago
If you like Podbriefly.com, please consider donating to support the ongoing development.
Donate