Tuesday November 19, 2019
Home Lead Story Researchers F...

Researchers Find Bugs in Backend Systems of Top Free Apps

SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers

0
//
carbon, digital
Multiple apps are displayed on an iPhone in New York. VOA

Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.

While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.

The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.

The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.

“These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack,” said Brendan Saltaformaggio, Assistant Professor in Georgia Tech’s School of Electrical and Computer Engineering.

facebook, instagram
Facebook, Messenger and Instagram apps are displayed on an iPhone, March 13, 2019, in New York. VOA

The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.

“It’s a whole new question whether or not they can jump from the server to a user’s device, but our preliminary research on that is very concerning,” Saltaformaggio added.

In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers – operating systems, software services, communications modules and web apps – of the Cloud-based systems supporting the apps.

Also Read: Teen Vogue Publication Slammed For Their Snapchat Story About Teen Abortions

To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems.

SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers. (IANS)

Next Story

Apple Releases iOS 13.1.3, iPadOS 13.1.3 to Fix Bugs: Report

Once clicked on Download and Install, it will do its work to bring the device up to date

0
Apple, smartphone
Customers walk past an Apple logo inside of an Apple store at Grand Central Station in New York, Aug. 1, 2018. VOA

Apple released iOS 13.1.3 along with iPadOS 13.1.3, minor updates to the iOS 13.1.2 software that was released few days back, to fix bugs and upgrade performance.

The iOS 13.1.3 update addresses an issue that could prevent device from ringing or vibrating for an incoming call. It also aims to resolve an issue where data in the Health app may not display correctly after daylight savings time adjusts, Apple said in a release.

The new update also fixes an issue where Voice Memos recordings may not download after restoring from iCloud Backup and more.

Meanwhile, the iPadOS 13.1.3 update fixes an issue that may prevent opening a meeting invite in Mail. It also fixes an issue where Voice Memos recordings may not download after restoring from iCloud Backup.

apple, software, updates, iOS
An Apple company logo is seen behind tree branches outside an Apple store in Beijing, Dec. 14, 2018. VOA

Additionally, the update addresses an issue where apps might fail to download when restoring from iCloud Backup.

The iOS and iPadOS 13.1.3 updates are available on all eligible devices over-the-air.

Also Read: Report says, Most Employees Tend to Ignore 40% Emails Daily

To download the new update a user need to go to the Settings on the device and then choose General, then Software Update.

Once clicked on Download and Install, it will do its work to bring the device up to date. (IANS)