Samsung Apparently Left Source Codes of Published Apps in the Open Without Password

A security researcher found source codes, analytics data and logs for public services such as SmartThings and Bixby, although Samsung claimed that the files were for testing.

News18.com

Updated: May 10, 2019, 6:08 PM IST
Samsung reportedly hosted a large amount of sensitive data, including app source code, secret keys, authorisation credentials, usage logs and analytics, on a development lab hosted on a company-owned domain, without proper security measures. The data, hosted in a GitLab folder using the domain ‘Vandev Lab’, reportedly included critical information that gave full access to the AWS account being used by the developers and, once access was procured, the source code of apps already published on the Google Play Store.

As reported by TechCrunch, security researcher Mossab Hussein discovered the GitLab instance, which developers within the Samsung ecosystem were using to share data and code for numerous Samsung projects and services. The worrying part is that some of this code pertained to public-facing services, and reportedly included highly sensitive code for Samsung SmartThings and Bixby. The GitLab repository hosting all the code was set to ‘public’, with no proper password protection. This, in turn, would have allowed almost anyone to take a look at it and download the source code dumps.

Credit: Mossab Hussein/TechCrunch

This could further have allowed malicious users to inject malware under the pretext of official code. As Hussein discovered, the repository also had the private GitLab tokens of multiple users stored in plaintext, which in turn gave him access to up to 135 projects, many of them private and possibly still under internal testing, with the potential to develop into public services one day.

Hussein even gained access to a token that gave him permission to all 135 of these projects, thereby leaving the Samsung data at his mercy. Any potential hacker could easily have inserted malicious code into this code base which, if downloaded by millions of users across the world, could lead to data breaches with devastating consequences. In response, Samsung spokesperson Zach Dugan told TechCrunch that the company is investigating the entire GitLab instance, and is “yet to find evidence that any external access occurred.” The company has already revoked the AWS credentials on the platform, but is yet to confirm whether the remaining keys and certificates have been revoked as well.

Samsung has stated that the entire pool of data, however sensitive in nature, did not concern any already-published applications, but it has nevertheless already updated the Samsung SmartThings app on Android stores. Hussein, on this note, has claimed to possess evidence that the code did affect public apps. It remains to be seen whether this develops into a data breach issue, or whether Samsung, one of the world’s largest technology and electronics makers, gets away with a major gaffe.