HelpNet Security is today reporting findings by Appthority security researchers on a new vulnerability that leads to data exposures, not due to any code in the app, but to the app developers’ failure to properly secure backend data stores (hence the name of the vuln, HospitalGown). The news story 3,000+ mobile apps leaking PII data from unsecured Firebase databases notes that the newly-discovered Firebase variant of this vuln exposes large amounts of mobile app-related data stored in unsecured Google cloud-hosted databases. Ryan Wilk, Vice President at NuData Security, a Mastercard company commented below.
Ryan Wilk, Vice President at NuData Security:
“Mobile application security is often a crucial and an open issue as the latest HospitalGown vulnerability variant shows. This vulnerability underscores why sectors such as healthcare and finance are increasingly adopting and multi-layered security strategies incorporating passive biometrics and behavioural analytics to help ensure that the previously stolen data cannot be used to for fraudulent purposes.
“This type of security enables customer verification with real-time analysis of hundreds of indicators derived from the user’s online behaviour, rather than depending on possibly compromised static data such as passwords and security questions. This solution protects customers from post-breach damage.”