|By Marketwired .||
|May 8, 2014 02:59 AM EDT||
SAN JOSE, CA--(Marketwired - May 08, 2014) - Audible, a popular audio book App, has found a critical vulnerability that could allow attackers to gain access of its cloud infrastructure, said Trustlook, a mobile security start-up in San Jose.
Trustlook discovers that Audible's AWS credentials has been hardcoded onto the App's binary code, once being extracted, an attacker is able do the following:
- Create or shut down Amazon EC2 hosts
- Add or delete Amazon S3 storage servers
- Manipulate SNS and SQS services
- Access other API functions such as access backup volumes/snapshots and change security group settings
Trustlook has reported this vulnerability to Audible as soon as it was discovered. As of today, Audible's newest version has this issue fixed. However, it is possible that unauthorized access and data leakage has happened before this patch.
The original record can be found at: http://blog.trustlook.com/2014/05/05/audible_vulnerability/
About Trustlook Inc.
Founded in 2013 and headquartered in Silicon Valley, Trustlook is a global leader in next-generation mobile security solutions. Trustlook pioneers and provides the first APT (advanced persistent threat) mobile security solutions to detect and address zero-day and advanced malware. For more information, please visit blog.trustlook.com.
Sep. 26, 2016 09:45 AM EDT Reads: 2,779
Sep. 26, 2016 09:15 AM EDT Reads: 2,702
Sep. 26, 2016 09:00 AM EDT Reads: 1,521
Sep. 26, 2016 09:00 AM EDT Reads: 1,059
Sep. 26, 2016 08:30 AM EDT Reads: 2,543
Sep. 26, 2016 08:30 AM EDT Reads: 2,459
Sep. 26, 2016 08:15 AM EDT Reads: 1,541
Sep. 26, 2016 08:15 AM EDT Reads: 2,436
Sep. 26, 2016 08:15 AM EDT Reads: 2,541
Sep. 26, 2016 07:15 AM EDT Reads: 1,891
Sep. 26, 2016 07:15 AM EDT Reads: 1,601
Sep. 26, 2016 07:00 AM EDT Reads: 2,665
Sep. 26, 2016 06:45 AM EDT Reads: 1,079
Digitization is driving a fundamental change in society that is transforming the way businesses work with their customers, their supply chains and their people. Digital transformation leverages DevOps best practices, such as Agile Parallel Development, Continuous Delivery and Agile Operations to capitalize on opportunities and create competitive differentiation in the application economy. However, information security has been notably absent from the DevOps movement. Speed doesn’t have to negat...
Sep. 26, 2016 06:45 AM EDT Reads: 1,992
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Sep. 26, 2016 06:30 AM EDT Reads: 1,569