Misconfigured Firebase Databases Exposing Data in Mobile Apps
2022-03-17 14:36

Thousands of mobile apps - some of which have been downloaded tens of millions of times - are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found.

Check Point Research found that in three months' time, 2,113 mobile apps using the Firebase cloud-based database exposed data, "leaving victims unprotected and easily accessible for threat actors to exploit," according to a blog post published this week.

This amounts to an estimated 5 percent of all Firebase databases being misconfigured on the cloud in some way - or the equivalent of thousands of new applications every month leaving sensitive data exposed, according to CPR. The mobile apps that researchers found were left vulnerable by cloud misconfigurations included popular apps for dating, fitness, bookkeeping, logo design, e-commerce and more, some with more than 10 million downloads, according to the post.

"These databases represent a gold mine for malicious actors, as they allow them to read and write new values in the database," researchers said in the post.

Threat actors have also leveraged misconfigured cloud storage in ransomware attacks - as was the case with a MongoDB debacle back in 2017 - demanding ransom payments after extracting and wiping databases that were left open, CPR said.

Researchers discovered the vulnerable databases simply by creating a query in VirusTotal that searched for "Firebase URLs in APKs: content: '*' type: apk," which served all the applications communicating with Firebase services.
