Cybersecurity researchers from Georgia Institute of Technology and The Ohio State University studied more than 5,000 of the top free applications on the Google Play Store. In the support ecosystems of those apps, they found more than 1,600 vulnerabilities.
While only applications from the Google Play Store were examined, the researchers think the iOS versions of those applications may have the same problems.
These vulnerabilities were found in the backend systems that feed advertising and content to the applications via a network of cloud-based servers.
The vulnerabilities affect categories of apps, and because of them hackers can break into databases that include personal information. The study, which was presented at the 2019 Security Symposium on Thursday in the United States of America, also said this could be a gateway for hackers to reach into users' mobile devices.
Brendan Saltaformaggio, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering, said, “These vulnerabilities are directly affecting the servers on the cloud, so if attackers get access to those servers then there are many ways for them to attack.”
However, the investigation is still ongoing, so it is not yet certain whether attackers can get into individual mobile phones that are connected to the affected servers.
Saltaformaggio added that whether the jump from server to device is possible is a different question, but the results of the preliminary research imply this possibility.
So far, researchers have discovered 983 cases of known errors and 655 cases of zero-day vulnerabilities across the software layers (software services, operating systems, communications modules, and web apps) of the applications' cloud-based systems.
The researchers have also developed a solution for the problem called SkyWalker, an automated system used to vet cloud servers and software library systems. The system can examine the security of the servers behind mobile applications; however, it is specific to cloud hosting services.