Many apps offer little security

Numerous applications for smartphones, tablets and other mobile devices are highly vulnerable to attacks on their web APIs (Application Programming Interfaces).

Millions of users may be affected, researchers at Texas A&M University warn in their current scientific study.

Uncovering inconsistencies

APIs are used to exchange and further process data and content between different websites, programs and providers. They enable third parties to access user groups and data pools. The researchers examined around 10,000 mobile apps for their analysis and found that many of them were open to attacks on the web API.

According to study author Guofei Gu, the threat stems from inconsistencies that often arise between app logic and server logic in web API implementations for mobile apps. To inspect the applications analyzed in the study, the researchers built a framework called “WARDroid”, which automatically explores them and uncovers these inconsistencies. It uses static analysis and also determines which HTTP requests the server accepts.

Shopping apps affected

Once an attacker knows what these requests look like for a specific mobile application, they can carry out actions of their own by tweaking some parameters.

“For example, a malicious user could make free purchases on an unsafe shopping app by making the prices of the products in their shopping cart negative. All you have to do is change a few HTTP parameters,” explains Gu.

“The process should actually be forbidden in the app, but unfortunately it can be accepted by the server,” sums up Gu.

After identifying many dangerous mobile apps and servers affecting millions of users, the researchers contacted developers to help them close the vulnerabilities.
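The inconsistency Gu describes can be shown from the server's side. The following is an added example, not code from the study or from WARDroid: it contrasts a cart handler that trusts client-supplied values with one that re-applies the app's rules on the server. The catalogue, the request layout and all function names are hypothetical.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only trusted source of prices.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("5.00")}
MAX_QTY = 99  # assumed limit, mirroring what the app's UI would allow

# Constructed request bodies: one as the app sends it, one with a tampered price.
HONEST_CART = [{"sku": "sku-100", "qty": 2, "price": "19.99"},
               {"sku": "sku-200", "qty": 1, "price": "5.00"}]
TAMPERED_CART = [{"sku": "sku-100", "qty": 1, "price": "-19.99"}]


class RejectedRequest(ValueError):
    """The request breaks a rule that the app would have enforced."""


def naive_total(items):
    """Inconsistent server: trusts the price and quantity sent by the client."""
    return sum(Decimal(str(i["price"])) * i["qty"] for i in items)


def validated_total(items):
    """Consistent server: re-applies the app's rules and prices from CATALOG."""
    total = Decimal("0")
    for item in items:
        sku, qty = item.get("sku"), item.get("qty")
        if not isinstance(sku, str) or sku not in CATALOG:
            raise RejectedRequest(f"unknown product {sku!r}")
        # bool is a subclass of int, so rule it out explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
            raise RejectedRequest(f"invalid quantity {qty!r} for {sku}")
        if "price" in item:
            try:
                claimed = Decimal(str(item["price"]))
            except InvalidOperation:
                raise RejectedRequest(f"malformed price for {sku}") from None
            # A mismatch cannot come from the unmodified app, so reject it;
            # it is also worth logging as a tampering signal.
            if claimed != CATALOG[sku]:
                raise RejectedRequest(f"price mismatch for {sku}")
        total += CATALOG[sku] * qty
    return total


if __name__ == "__main__":
    print("naive server charges:", naive_total(TAMPERED_CART))
    print("validated server charges:", validated_total(HONEST_CART))
```

The validated handler never uses the client's price for the total; it only compares it with the catalogue so that a request the unmodified app could not have produced is refused.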

