They can erase all your photos
Do you use Amazon Photos? The Android app had a serious security flaw (it has already been fixed) that could have put all your photos and videos at risk.
After Google removed unlimited free storage from Google Photos, a large number of the platform's users decided to make the leap to Amazon Photos, an alternative created by the company founded by Jeff Bezos, whose main virtue was the option to enjoy unlimited free storage for all Amazon Prime subscribers.
But it appears that the solution developed by Amazon was not problem-free. As confirmed on the Checkmarx website, Amazon has acknowledged a serious security issue that was present on its platform for storing photos and videos in the cloud. The vulnerability would have allowed attackers to access users' content and erase their entire cloud storage drives.
Impact of the security flaw on the Amazon Photos app for Android
As the researchers emphasized, the vulnerability was discovered in the Android version of Amazon Photos. The app, with over fifty million downloads on Google Play, has been determined to have a vulnerability that could allow attackers to access user files and modify or delete them remotely.
The root of the weakness lies in a misconfiguration in one of the activities that make up the application. Apparently the component com.amazon.gallery.thor.app.activity.ThorViewActivity has the ability to export the user's access token over an insecure HTTP connection, which could allow an attacker to intercept that code.
To exploit this vulnerability, attackers only had to obtain the code through a malicious app installed on the victim's device, and could later access all the private user content made available through the Amazon API, including photos and videos saved in Amazon Photos.
This token can be used to list client files using the Amazon Drive API, and then read, rewrite, or even delete the contents of each one.
But the problems go deeper: the researchers found that anyone with a user access token could clear the history of the files, so that the original copy of these files could not be recovered.
Checkmarx reported the discovery to Amazon on November 7, 2021. Amazon rated the problem as "extremely severe". A few weeks later, an update appeared containing a patch intended to solve the problem.