Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.
While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.
The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.
The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.
“These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack,” said Brendan Saltaformaggio, Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering.
The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.
“It’s a whole new question whether or not they can jump from the server to a user’s device, but our preliminary research on that is very concerning,” Saltaformaggio added.
In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers – operating systems, software services, communications modules and web apps – of the Cloud-based systems supporting the apps.
Russian cyber security firm Kaspersky on Thursday announced the opening of its first transparency centre in Malaysia in early 2020, in partnership with CyberSecurity Malaysia — the national cyber security specialist agency.
The centre will be located in Cyberjaya city in Selangor state, alongside key cyber-related government agencies and companies in the country.
Kaspersky has so far opened two more transparency centres at Zurich in November 2018, and Madrid in June 2019, in Europe.
According to the Kaspersky, its transparency centres serve as trusted facility for the company’s partners and government stakeholders to come and check the source code of firm’s solutions.
With the opening of the new establishment probably “early next year”, Kaspersky’s Managing Director for Asia-Pacific, Stephan Neumeier said it would be the firm’s third “code review” centre across Asia-Pacific.
The intent is to make it function as a briefing centre where guests would be able to learn more about Kaspersky’s engineering and data processing practices, he said at a Kaspersky event here.
“We are excited to unlock the doors of digital hub to let users experience the services and capabilities of Kaspersky’s cybersecurity technology here in our region,” Neumeier said.
He said the aim is to address the “growing demand from partners and government stakeholders for more information on how Kaspersky’s products and technologies work”.
“As a paradigm shift for the cybersecurity industry, this facility — the first in the region — will be located in Cyberjaya, all thanks to the kind cooperation of CyberSecurity Malaysia.
“We are grateful for their trust and commitment towards us as this third-party validation proves that private companies and public agencies can team-up to better protect users from cyber crime,” he said.
Founded in 1997, Kaspersky, a global cybersecurity company, started the global transparency initiative with its announcement in October 2017.
And since then, the Russia-based firm claims that over 40 crore users are protected by its technologies and it helps 2.70 lakh corporate clients protect what matters most to them.
Commenting on the opening of the transparency centre, Eugene Kaspersky, CEO of Kaspersky, said: “It is great to be here in Kuala Lumpur — in the heart of the Asia-Pacific region– to announce the opening of our third transparency centre.
“Here, we intend to show customers and government stakeholders that our products are 100 per cent trustworthy and ensure the highest level of cybersecurity protection. The launch also proves the activities we planned under our pioneer Global Transparency initiative remain on track.”
Speaking at the event, Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia said: “As the threat landscape continues to evolve in Malaysia and in the region, we believe it is crucial for private companies such as Kaspersky and government agencies to build trust and mutual cooperation. Kaspersky’s willingness to open their doors and data processes further shows they have nothing to hide.”
As a third-party entity, Wahab said, the CyberSecurity Malaysia also shares their insights and concerns to make the cybersecurity industry better.
CyberSecurity Malaysia, an agency which works under the purview of the Ministry of Communication and Multimedia, is committed to providing a broad range of cybersecurity innovation-led services, programmes and initiatives to help reduce the vulnerability of digital systems, while at the same time, strengthening Malaysia’s self-reliance in cyberspace.
“We are really hopeful that our partnership will be an example for more government and private entities in exercising fairness and transparency for the benefit of our citizens and the cybersecurity industry,” Wahab added. ((IANS)