In-Security of Backend-As-A-Service

Explore the critical security vulnerabilities in Backend-As-A-Service (BaaS) solutions in this eye-opening Black Hat conference talk. Delve into the findings of a comprehensive study that analyzed approximately two million Android apps, revealing shocking results about the insecurity of cloud-based data storage. Learn how researchers were able to access over 56 million sensitive user records, including medical information, credit card data, and various multimedia files, due to misconfigured BaaS solutions. Discover the potential risks of adversaries hijacking Amazon S3-Buckets, which could lead to database modifications, malicious code injection, and cloud-based malware execution. Gain insights into the automatic exploit generator developed to extract credentials from apps and access BaaS backends, even when obfuscated. Understand the implications of these security flaws for developers, users, and the overall mobile app ecosystem.

(In-)Security of Backend-As-A-Service