Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys
2021-05-03 09:28

A recent report shared with The Hacker News details how the BeVigil search engine identified over 40 apps, with a cumulative total of more than 100 million downloads, that had hardcoded private Amazon Web Services keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks.

The findings are the result of an analysis of over 10,000 apps submitted to CloudSEK's BeVigil, a mobile app security search engine.

"AWS keys hardcoded in a mobile app source code can be a huge problem, especially if its role has wide scope and permissions," CloudSEK researchers said.

In an app analyzed by the Bengaluru-based cybersecurity firm, the exposed AWS key had access to multiple AWS services, including credentials for the S3 storage service, which in turn opened up access to 88 buckets containing 10,073,444 files and data amounting to 5.5 terabytes.

Security teams can rely on BeVigil to identify any malicious apps that use malicious SDKs. Security researchers can use its metadata search to investigate in depth the various apps that are on the web.

You can search millions of apps for vulnerable code snippets or keywords to learn which apps contain them.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Gm80NS7QKA0/over-40-apps-with-more-than-100-million.html