Hundreds of iOS apps could be leaking AWS credentials TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Hundreds of iOS apps could be leaking AWS credentials By Craig Hale published 2 September 2022 Almost 1,900 (mostly iOS) apps could be exposing your data (Image credit: Passwork) Audio player loading… Hundreds of mobile apps have been found to be leaking Amazon Web Services (AWS) credentials. A recent Symantec analysis (opens in new tab) identified 1,859 publicly available apps, 98% of which are iOS apps, containing hard-coded AWS credentials that could be putting your data at risk. The company found over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services, and nearly half (47%) contained valid AWS tokens that also gave full access to numerous, often millions, of private files via the Amazon Simple Storage Service (Amazon S3). AWS passwords leaks Some of the reasons for vulnerabilities, says security researcher Kevin Watkins, include the unbeknown use of vulnerable external software libraries and SDKs, the outsourcing of app development, and cross-team collaboration which could present numerous opportunities for missing information and ineffective communication.> Here's the best endpoint protection software > AWS is upping its security and malware protection > Malicious Python packages dump your AWS secrets online The analysis highlights three real-world examples of affected companies. The first, an unnamed B2B company that provides an intranet and communications platform, had provided a mobile SDK to its customers that exposed the company's cloud infrastructure keys, exposing things like financial records and private data. The second example cites a number of iOS banking apps that had outsourced the digital ID and authentication component of their respective apps. Affected users of this SDK had their personal data exposed, including names and dates of birth. Furthermore, over 300,000 biometric digital fingerprints were leaked by five banking apps. Finally, a hospitality and entertainment company that had teamed up with another company to share its technology platform was found to be exposing business and customer data from a library that was being used by 16 different apps. The research findings have been shared with the companies involved, however it's not yet known if the issues have been ironed out with immediate effect.Stay safe with our pick of the best firewall tools around Via Bleeping Computer (opens in new tab) Craig Hale With several years' experience freelancing in tech and automotive circles, Craig's specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the electrification of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value! See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1You may not have to sell a body part to afford the Nvidia RTX 4090 after all2PC gamers are shunning high-end GPUs – spelling trouble for the Nvidia RTX 40903Beg all you want - these beer game devs will not break the laws of physics for you 41000TB SSDs could become mainstream by 2030 as Samsung plans 1000-layer NAND5Micro-LED 4K TVs aren't trying to kill OLED, they're aiming at projectors1We finally know what 'Wi-Fi' stands for - and it's not what you think2Brave is about to solve one of the most frustrating problems with browsing the web3She-Hulk episode 8 just confirmed Netflix's Daredevil TV show is canon in the MCU4A whole new breed of SSDs is about to break through5Logitech's latest webcam and headset want to relieve your work day frustrations Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)