Press release

Check Point Research: Thousands of databases exposed in the Cloud were found


Check Point Research (CPR) discovered sensitive data belonging to mobile applications left unprotected in the cloud and available to anyone with a browser.


Searching VirusTotal, CPR found 2,113 mobile applications whose cloud databases were unprotected and exposed, over the course of a three-month research study. The mobile applications ranged from 10,000+ to 10,000,000+ downloads.

Check Point Research (CPR) found that sensitive data from a range of mobile applications was exposed and available to anyone with a browser. VirusTotal, owned by Google, is a free online service that analyzes files and URLs to detect viruses, trojans and other forms of malware; as part of that analysis it records the network endpoints a submitted application contacts.

The sensitive data CPR found exposed included personal family photos, coupon IDs from a healthcare app, data from cryptocurrency exchange platforms and more. CPR gives several examples of applications whose data were found exposed.

In one of them, CPR found more than 50,000 private messages from a popular dating app exposed. CPR warns how easily a data breach can occur through the method described and what developers can do to better secure the cloud backends of their applications. To avoid exploitation, CPR is not currently naming the mobile applications involved in the investigation.

Access Methodology

Gaining access to the exposed databases takes only three steps:

  1. Search VirusTotal for mobile applications that communicate with cloud services
  2. Filter those whose cloud endpoints give direct access to data
  3. Browse to the link found
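The three steps above, as an added example in Python that is not part of Check Point's report or tooling: step 1 is approximated by scanning a strings dump of the app (the same URLs VirusTotal lists in a file report), step 2 by classifying each hit as a Firebase, S3, GCS or Azure Blob endpoint and deriving the URL that would return data, and step 3 by an unauthenticated GET. Every host name, the strings dump and the canned HTTP responses are constructed for the demo; the `http_fetch` function does real requests and should only be pointed at backends you are authorised to test.

```python
"""Added example: find cloud backends hard-coded in a mobile app and check whether
they answer anonymous requests. Hosts and responses below are invented."""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status, body)

# Host patterns of storage/database backends that mobile apps commonly hard-code.
CLOUD_PATTERNS = {
    "firebase_rtdb": re.compile(r"https://[\w.-]+\.firebaseio\.com(?:/[\w./-]*)?"),
    "aws_s3": re.compile(r"https://[\w.-]+\.s3[\w.-]*\.amazonaws\.com(?:/[\w./-]*)?"),
    "gcs": re.compile(r"https://storage\.googleapis\.com/[\w.-]+(?:/[\w./-]*)?"),
    "azure_blob": re.compile(r"https://[\w-]+\.blob\.core\.windows\.net(?:/[\w./-]*)?"),
}


def extract_cloud_endpoints(text: str) -> Dict[str, List[str]]:
    """Step 1: return {backend_kind: [urls]} for every cloud backend URL in the dump."""
    found: Dict[str, List[str]] = {}
    for kind, pattern in CLOUD_PATTERNS.items():
        hits = sorted(set(pattern.findall(text)))
        if hits:
            found[kind] = hits
    return found


def probe_target(kind: str, url: str) -> str:
    """Step 2: the URL that returns data when the backend is open. Firebase RTDB
    needs a .json suffix; S3/GCS bucket roots and Azure containers return an
    object listing when listing is public."""
    parts = urlsplit(url)
    if kind == "firebase_rtdb":
        path = parts.path.rstrip("/") or "/"
        return url if path.endswith(".json") else f"{parts.scheme}://{parts.netloc}{path}.json"
    if kind == "gcs":
        bucket = parts.path.strip("/").split("/")[0]
        return f"https://storage.googleapis.com/{bucket}/"
    if kind == "azure_blob":
        container = parts.path.strip("/").split("/")[0]
        if container:
            return f"{parts.scheme}://{parts.netloc}/{container}?restype=container&comp=list"
    return f"{parts.scheme}://{parts.netloc}/"


def classify(status: int, body: str) -> str:
    """Map an anonymous GET result to an exposure verdict."""
    if status == 200:
        if body.strip() in ("", "null"):  # Firebase returns 'null' for an empty path
            return "OPEN (empty): anonymous read allowed, no data at path"
        return "OPEN: anonymous read succeeded"
    if status in (401, 403):
        return "protected: access denied without credentials"
    if status == 404:
        return "not found"
    return f"inconclusive (HTTP {status})"


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Real anonymous GET: no auth header, no cookies. Authorised targets only."""
    req = urllib.request.Request(url, headers={"User-Agent": "cloud-exposure-check/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096).decode("utf-8", "replace")


def audit(text: str, fetch: Fetcher = http_fetch) -> Dict[str, str]:
    """Steps 1-3 over a strings dump; returns {probe_url: verdict}."""
    results: Dict[str, str] = {}
    for kind, urls in extract_cloud_endpoints(text).items():
        for url in urls:
            target = probe_target(kind, url)
            if target not in results:
                status, body = fetch(target)
                results[target] = classify(status, body)
    return results


# Constructed strings dump, as if pulled from an app's classes.dex. Hosts are invented.
SAMPLE_STRINGS = """
https://example-chat-default-rtdb.firebaseio.com/messages
https://example-chat-default-rtdb.firebaseio.com
https://example-photos-prod.s3.eu-west-1.amazonaws.com/uploads/
https://storage.googleapis.com/example-coupons/v2/
https://examplehealth.blob.core.windows.net/records
"""

# Constructed responses standing in for the network during the demo.
FAKE_RESPONSES = {
    "https://example-chat-default-rtdb.firebaseio.com/messages.json": (200, '{"m1":{"from":"alice","text":"hi"}}'),
    "https://example-chat-default-rtdb.firebaseio.com/.json": (200, '{"messages":{"m1":{}}}'),
    "https://example-photos-prod.s3.eu-west-1.amazonaws.com/": (403, "<Error><Code>AccessDenied</Code></Error>"),
    "https://storage.googleapis.com/example-coupons/": (200, "<ListBucketResult>...</ListBucketResult>"),
    "https://examplehealth.blob.core.windows.net/records?restype=container&comp=list": (404, "<Error><Code>ResourceNotFound</Code></Error>"),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    return FAKE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    for target, verdict in audit(SAMPLE_STRINGS, fake_fetch).items():
        print(f"{verdict:55s} {target}")
```

A 403 from a bucket root only shows that anonymous listing is off; individual objects can still be public if their keys are guessable or appear in the app, so the per-object URLs found in step 1 are worth probing too. The same extractor run over your own app's build is a cheap pre-release check.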

Comment: Lotem Finkelsteen, Head of Threat Intelligence and Research at Check Point Software:

In this research, we show how easy it is to locate datasets and critical resources that are open in the cloud to anyone who can simply access them with a browser. We share a simple method of how hackers might do it. The methodology includes searching public file storage services, such as VirusTotal, for mobile applications that use cloud services.

A hacker can ask VirusTotal for the full path to the cloud backend of a mobile application. We share some examples of what we were able to find there. Everything we found is available to anyone. Finally, with this research we prove how easy it is for a data breach or exploitation to occur.

The amount of data that is open and available to anyone in the cloud is insane. It is much easier to breach than we think.

How to stay safe:

Here are some tips to ensure your various cloud services are secure:

Amazon Web Services
CloudGuard S3 Bucket Security rule: "Ensure S3 buckets are not publicly accessible" (Rule ID: D9.AWS.NET.06)

Google Cloud Platform
CloudGuard rule: "Ensure that Cloud Storage DB is not anonymously or publicly accessible" (Rule ID: D9.GCP.IAM.09)

Microsoft Azure
CloudGuard rule: "Ensure default network access rule for Storage Accounts is set to deny" (Rule ID: D9.AZU.NET.24)
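What each of the three rules actually checks, as an added example in Python that is not CloudGuard's code: one evaluator per rule, written against the shape of the configuration documents the provider APIs return (an S3 bucket policy plus its Public Access Block settings and ACL grants, a GCS bucket IAM policy, an Azure storage account resource), run over constructed weak configurations and their corrected forms. The bucket, project and account names are invented.

```python
"""Added example: evaluate the three storage-exposure rules above against
provider-shaped configuration documents. Not CloudGuard code; all sample
configurations are constructed for the demo."""
from typing import Dict

PUBLIC_ACL_GRANTEES = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)


def s3_policy_grants_anonymous(policy: Dict) -> bool:
    """A statement is public when it allows everyone ("*") to read or list and
    has no Condition narrowing who that is (simplified from AWS's own test)."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if any(a in ("*", "s3:*") or a.lower().startswith(("s3:get", "s3:list")) for a in actions):
            return True
    return False


def s3_bucket_is_public(bucket: Dict) -> bool:
    """D9.AWS.NET.06. Public Access Block settings, when on, override a public
    policy (RestrictPublicBuckets) or public ACL grants (IgnorePublicAcls)."""
    pab = bucket.get("PublicAccessBlock", {})
    via_policy = (s3_policy_grants_anonymous(bucket.get("Policy", {}))
                  and not pab.get("RestrictPublicBuckets", False))
    via_acl = (any(g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GRANTEES
                   for g in bucket.get("AclGrants", []))
               and not pab.get("IgnorePublicAcls", False))
    return via_policy or via_acl


def gcs_bucket_is_public(iam_policy: Dict) -> bool:
    """D9.GCP.IAM.09: any role bound to allUsers (anonymous) or
    allAuthenticatedUsers (any Google account) is reachable from a browser."""
    return any(member in ("allUsers", "allAuthenticatedUsers")
               for binding in iam_policy.get("bindings", [])
               for member in binding.get("members", []))


def azure_storage_default_allows(account: Dict) -> bool:
    """D9.AZU.NET.24: networkAcls.defaultAction must be Deny. ARM treats a
    missing value as Allow, so absence is also a finding."""
    acls = account.get("properties", {}).get("networkAcls", {})
    return acls.get("defaultAction", "Allow") != "Deny"


# Constructed configurations: each weak setting beside its corrected form.
WEAK_S3 = {
    "Policy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-photos/*"}]},
    "AclGrants": [],
    "PublicAccessBlock": {},
}
FIXED_S3 = {  # same policy left in place, but Public Access Block now overrides it
    **WEAK_S3,
    "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
}
WEAK_GCS = {"bindings": [{"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}
FIXED_GCS = {"bindings": [{"role": "roles/storage.objectViewer",
                           "members": ["serviceAccount:app@example-project.iam.gserviceaccount.com"]}]}
WEAK_AZURE = {"properties": {"networkAcls": {"defaultAction": "Allow", "bypass": "AzureServices"}}}
FIXED_AZURE = {"properties": {"networkAcls": {"defaultAction": "Deny", "bypass": "AzureServices",
                                              "virtualNetworkRules": [], "ipRules": []}}}


def audit_all() -> Dict[str, bool]:
    """Rule name -> True when the rule fires (misconfiguration present)."""
    return {
        "D9.AWS.NET.06 weak": s3_bucket_is_public(WEAK_S3),
        "D9.AWS.NET.06 fixed": s3_bucket_is_public(FIXED_S3),
        "D9.GCP.IAM.09 weak": gcs_bucket_is_public(WEAK_GCS),
        "D9.GCP.IAM.09 fixed": gcs_bucket_is_public(FIXED_GCS),
        "D9.AZU.NET.24 weak": azure_storage_default_allows(WEAK_AZURE),
        "D9.AZU.NET.24 fixed": azure_storage_default_allows(FIXED_AZURE),
    }


if __name__ == "__main__":
    for name, fires in audit_all().items():
        print(f"{'FINDING' if fires else 'ok     '} {name}")
```

The S3 fix above relies on the account-level override rather than removing the permissive statement; in practice do both, since a later call that clears the Public Access Block would silently re-expose the bucket. The GCS check treats `allAuthenticatedUsers` as public because any Google account qualifies, which is how the providers' own consoles classify it.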
