Researchers from Georgia Institute of Technology and Ohio State University, with National Science Foundation (NSF) funding, developed an automated system to vet cloud servers and software library systems to bolster mobile app security.
The researchers found more than 1,600 vulnerabilities in the support ecosystem behind the Google Play Store’s top 5,000 free apps. These vulnerabilities, an NSF news release said, affect several app categories and “could allow hackers to break into databases that include personal information – and perhaps into users’ mobile devices.”
To help mobile app developers strengthen security, the research team developed an automated system, SkyWalker, which can examine the security of the servers supporting mobile apps. NSF said these servers are often operated by cloud hosting services, not individual app developers.
“A lot of people might be surprised to learn that their phone apps are communicating with not just one, but likely tens or even hundreds of servers in the cloud,” said Brendan Saltaformaggio of Georgia Tech’s School of Electrical and Computer Engineering. “Users don’t know they are communicating with these servers because only the top apps interact with them and they do so in the background. Until now, that has been a blind spot where nobody was looking for vulnerabilities.”
The researchers are still determining whether attacks could access individual mobile devices connected to vulnerable services, but they have discovered 983 instances of known vulnerabilities, the news release added.