
This post covers M2: Insecure Data Storage, the second listing from the OWASP Top 10 Mobile Risks list.

Oh no, it’s another one from the MOBster series coming to get you! Hide… Run… Read with intrigue! The last post in the MOBster series covered M1: Improper Platform Usage. Insecure data storage is common and easy to exploit. At a high level, this can occur when the developer of a third-party application insecurely stores data on the device, where an attacker. For this post we will focus on the Android operating system and walk through how we can exploit this vulnerability.

Insecure data storage sounds like exactly what you are thinking! It occurs when data is not securely stored on the device, and when data is accessible to an attacker. An attacker may be able to access this data by stealing the device itself or by implanting malware on the device to exfiltrate sensitive data. It should be noted that certain vulnerabilities may need to exist for an attack to be successful.

It may be easier to think of it in a more familiar scenario. For example, if we think of a traditional web application, we think of a server to host the application, a database to store the application’s data, a framework and software libraries to create the application, and something to host the app, like a browser. This is similar in mobile applications; however, there are different types of mobile applications, such as native, hybrid and web, which affects how some of the application’s components work. In summary, the mobile app is installed onto your device somewhere in the filesystem. The application is developed with a framework (if not a native app) and software libraries, and the application is executed by a runtime environment. All in all, each component may play a part in making an application vulnerable, as it would in a traditional web application.

According to the OWASP Mobile Top 10 itself, insecure data storage is common and occurs when developers assume that an attacker will not check the sensitive data stores or filesystem of the device.
