German Team Warns of ‘Heartbleed’ Type Flaw in Data Storage Worldwide Again

A German team has revealed that a flaw in the way mobile applications store data online has left 56 million items of data unprotected in the products they have studied so far, with more expected.

Whether they are passwords, addresses, door codes, location data, games, social networks, messaging, medical and bank transfer apps — all are vulnerable to hackers.

The major faux pas lies in the authentication code: in the way app developers wrote it and in the way it was used when storing data in online databases, said the team from Darmstadt University of Technology. The project's team leader, Eric Bodden, said some billions of records would have been hit by the flaw.

“In almost every category we found an app which has this vulnerability in it,” said Siegfried Rasthofer, another team member from the Fraunhofer Institute for Secure Information Technology and Darmstadt University of Technology.

They said these apps use services such as Amazon's Web Services or Facebook's Parse to store, exchange and retrieve data, choosing the default option: a string of letters and numbers embedded in the software's code, called a token. That token can be extracted and tweaked in the app, which then gives access to the private data of all users of that app stored on the server.
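The mechanism described above, with a defender's check added as an example (this is not code from the article or from the Darmstadt team): a pre-release scan over an app's source, or over strings pulled from a build, that flags the kind of embedded backend token the researchers describe so it can be reviewed before release. The SDK call shapes (`Parse.initialize(context, applicationId, clientKey)` in the Parse Android SDK and `new BasicAWSCredentials(accessKey, secretKey)` in the AWS SDK for Java) and the AKIA access-key format are real; the rule names, the entropy threshold and the sample lines are assumptions, and the sample values are constructed (the AWS pair is the placeholder pair from AWS's own documentation).

```python
import math
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: int      # 1-based line number in the scanned text
    rule: str      # which check fired
    preview: str   # redacted value: first 4 chars plus length, never the whole secret


# A quoted literal of at least 8 characters (captured without the quotes).
STRING_LIT = r'"([^"\\]{8,})"'

# Service-specific rules for the two backends the article names. The call
# shapes are the real SDK entry points; the AKIA prefix plus 16 characters is
# the documented shape of an AWS access key ID. Rule names are our own.
RULES = [
    ("parse-embedded-keys",
     re.compile(r'Parse\.initialize\s*\(\s*[^,()]*,\s*' + STRING_LIT + r'\s*,\s*' + STRING_LIT)),
    ("aws-access-key-id", re.compile(r'\b(AKIA[0-9A-Z]{16})\b')),
    ("aws-basic-credentials",
     re.compile(r'BasicAWSCredentials\s*\(\s*' + STRING_LIT + r'\s*,\s*' + STRING_LIT)),
]

# Generic fallback: a long literal made only of token-like characters.
TOKEN_LIT = re.compile(r'"([A-Za-z0-9+/=_\-]{32,})"')
ENTROPY_THRESHOLD = 3.0  # bits per character; an assumed cut-off, tune per code base


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum((k / n) * math.log2(k / n) for k in (s.count(c) for c in set(s)))


def redact(value: str) -> str:
    """Show enough to locate the literal in a report without reproducing it."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per embedded-credential hit, in line order."""
    findings: List[Finding] = []
    seen = set()  # literals already reported, so the entropy rule does not repeat them
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in RULES:
            for m in pattern.finditer(line):
                values = [g for g in m.groups() if g]
                seen.update(values)
                # For two-argument calls the second literal is the secret-bearing one.
                findings.append(Finding(lineno, name, redact(values[-1])))
        for m in TOKEN_LIT.finditer(line):
            value = m.group(1)
            if value in seen:
                continue
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                seen.add(value)
                findings.append(Finding(lineno, "high-entropy-literal", redact(value)))
    return findings


# Constructed sample: lines a reviewer might see in an app's source. The hex
# and base64-looking values are made up; the AWS pair is the documentation
# placeholder, not a live credential.
SAMPLE_SOURCE = "\n".join([
    'Parse.initialize(this, "a1b2c3d4e5f60718293a4b5c6d7e8f9001122334", "ffeeddccbbaa99887766554433221100aabbccdd");',
    'AWSCredentials creds = new BasicAWSCredentials("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY");',
    'String loginUrl = "https://api.example.com/v1/login";',
    'String bootstrapSecret = "ZmFrZS1kZXZpY2UtdG9rZW4tZm9yLXRoZS1leGFtcGxl";',
    'String sessionToken = login(user, password);  // per-user token issued at runtime, not embedded',
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.rule}: {f.preview}")
```

A hit is a review item rather than an automatic vulnerability: what decides the outcome is whether the server treats the embedded token as full authorization for every user's records (the default the article describes) or enforces per-user authorization on top of it, as the last sample line sketches with a session token obtained at login. Running the scan on the built artifact's strings as well as the source catches tokens that were injected at build time.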

The researchers have declined to name the vulnerable applications but said they have informed Apple, Facebook, Amazon and Google so far. Rasthofer said Facebook's Parse customers, some of them among the world's biggest companies, have been affected.

The mobile device is the main avenue for all of these vulnerabilities, the German researchers said, partly because implementing stronger security there is harder and partly because developers are in a rush to release their apps without thorough security checks.

Team leader Eric Bodden said the new discovery is as big as the Heartbleed bug that had threatened half the world's Internet last year, making half a million web servers susceptible to data theft.


One comment

  1. Heartbleed still bleeding your security? Get your website tested to see if you are truly secure. Google and Codenomicon were responsible for finding this bug, which had remained hidden for more than two years. Heartbleed was a bug that affected OpenSSL, the most prevalent software used for encrypting sensitive data on the Internet. Websites that use encryption, payment gateways, VPNs and apps, including mobile apps, all use SSL, and a large majority of them use OpenSSL.
