|By Marketwired .||
|May 8, 2014 02:59 AM EDT||
SAN JOSE, CA--(Marketwired - May 08, 2014) - Audible, a popular audio book App, has found a critical vulnerability that could allow attackers to gain access of its cloud infrastructure, said Trustlook, a mobile security start-up in San Jose.
Trustlook discovers that Audible's AWS credentials has been hardcoded onto the App's binary code, once being extracted, an attacker is able do the following:
- Create or shut down Amazon EC2 hosts
- Add or delete Amazon S3 storage servers
- Manipulate SNS and SQS services
- Access other API functions such as access backup volumes/snapshots and change security group settings
Trustlook has reported this vulnerability to Audible as soon as it was discovered. As of today, Audible's newest version has this issue fixed. However, it is possible that unauthorized access and data leakage has happened before this patch.
The original record can be found at: http://blog.trustlook.com/2014/05/05/audible_vulnerability/
About Trustlook Inc.
Founded in 2013 and headquartered in Silicon Valley, Trustlook is a global leader in next-generation mobile security solutions. Trustlook pioneers and provides the first APT (advanced persistent threat) mobile security solutions to detect and address zero-day and advanced malware. For more information, please visit blog.trustlook.com.
Jan. 17, 2017 05:45 AM EST Reads: 3,479
Jan. 17, 2017 05:30 AM EST Reads: 1,523
Jan. 17, 2017 05:15 AM EST Reads: 9,256
Jan. 17, 2017 04:15 AM EST Reads: 1,779
Jan. 17, 2017 03:45 AM EST Reads: 3,370
Jan. 17, 2017 03:45 AM EST Reads: 2,711
Jan. 17, 2017 03:45 AM EST Reads: 3,525
Jan. 17, 2017 03:15 AM EST Reads: 6,221
Jan. 17, 2017 03:00 AM EST Reads: 537
Jan. 17, 2017 02:15 AM EST Reads: 3,747
Jan. 17, 2017 01:45 AM EST Reads: 5,216
Jan. 17, 2017 12:45 AM EST Reads: 6,016
Jan. 16, 2017 11:45 PM EST Reads: 4,207
Jan. 16, 2017 09:00 PM EST Reads: 7,448
Up until last year, enterprises that were looking into cloud services usually undertook a long-term pilot with one of the large cloud providers, running test and dev workloads in the cloud. With cloud’s transition to mainstream adoption in 2015, and with enterprises migrating more and more workloads into the cloud and in between public and private environments, the single-provider approach must be revisited. In his session at 18th Cloud Expo, Yoav Mor, multi-cloud solution evangelist at Cloudy...
Jan. 16, 2017 08:45 PM EST Reads: 4,582