According to a new report from Appthority mobile app security firm, called Q2 2018 Enterprise Mobile Threat Report the problem is caused by a new variant of what is nicknamed "HospitalGown Vulnerability." HospitalGown, brazenly named because it deals with data "leaked through the backend data stores," was identified by the Appthority Mobile Threat team in 2017.
Now, Appthority reports that the problem is getting product when applicati developers choose not to require authenticati. Google Firebase cloud databases, which is not de by default when developers use the popular development tool.
Appthority found that of the 1,275 iOS applicatis using a Firebase database, 600 were vulnerable. Overall, more than 3,000 applicatis leaked data from 2,271 miscfigured databases. Amg the disclosed data are 2.6 milli unencrypted passwords and user IDs, over 4 milli protected health information records and 50,000 financial records.
"To properly secure the data, developers must specifically implement user authenticati across all tables and rows in the database, which happens rarely in practice," writes Appthority in the report. "Moreover, attackers do not need much effort to find open firebase applicati databases and access millis of copies of the …
