BlackCSI Blog

BlackCSI has been serving the Pennsylvania area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Basic Errors Have Made Hundreds of Applications a Risk to Data

Basic Errors Have Made Hundreds of Applications a Risk to Data

Earlier this year, it became known that almost 2,000 mobile applications suffered from some type of security threat, thus putting a lot of sensitive data on the line. Let’s examine how you can ensure that your business doesn’t suffer from mobile app security issues.

Access Permissions Are the Major Culprit

Apps are not fully hosted on your device the way a desktop application might be on your computer. Rather, they are hosted in the cloud, and the app itself is more of a hard-coded shortcut that allows you access to the data or service provided by the application.

At least, that’s just how it should work in theory. According to Broadcom’s Symantec Threat Hunter, this type of single-purpose login process allows hackers to access all of the files that a cloud service contains, including company data, backups of databases, and system controls.

The scariest part is that multiple apps use the same publicly available software development kits, or SDKs, and many apps are built by the same company, allowing these login credentials to be used for multiple different types of applications and services found on the same infrastructure.

So, if a hacker were to gain access to one of the access tokens used by a company, they could potentially gain access to all of the applications which that access token provides access to.

Research conducted on Android and iOS platforms found around 2,000 applications that had their credentials hard-coded to Amazon Web Services (around three-quarters of those granting access to private cloud providers, and half of those granting access to private files), half of which also contained access tokens for unrelated applications.

What Can You Do to Protect Your Business?

Naturally, you don’t want someone to be able to access your company’s private data or the data you’ve collected from clients, employees, or other interested parties. Naturally, you should have some level of control over who within your organization can access what data.

Let’s look at it this way; the human resources department at your business might need access to employee information, but nobody else should be able to access that data. The same can be said for other data, too, according to the employee’s role within the company. The fewer people who have access to data, the less likely you are to expose said data to a security breach.

So, long story short, to keep your data safe from these types of mobile application exploits, control who can and cannot access specific data.

To learn more about how you can protect your business, call BlackCSI at (717) 620-3042.

USB Drives Carry a Lot of Business Risk in a Tiny ...
Declining PC Shipments Suggest New Business Comput...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, November 23, 2024

Captcha Image

Latest News & Events

Leading MTSP Encourages Companies to Maximize Profits with Updated Tax Code Benefits HARRISBURG, PA – October 29, 2024 - BlackCSI, a leading managed technology services provider (MTSP), is encouraging business owners to take advantage of th...

Latest Blog

Since mobile technology infiltrated the mainstream office, businesses have embraced it as a valuable communication tool. That said, mobile devices are also keys allowing hackers and other potential thieves access to your most inner sanctums...

Contact Us

Learn more about what BlackCSI
can do for your business.

(717) 620-3042

BlackCSI
124A West Harrisburg Street
Dillsburg, Pennsylvania 17019