Audible, an Amazon App, Has Leaked Their Cloud Access Credentials, Says Trustlook

The Possibility of Unauthorized Access and Data Leakage Cannot Be Excluded

SAN JOSE, CA--(Marketwired - May 08, 2014) - Audible, a popular audio book App, has been found to contain a critical vulnerability that could allow attackers to gain access to its cloud infrastructure, said Trustlook, a mobile security start-up in San Jose.

Trustlook discovered that Audible's AWS credentials were hardcoded into the App's binary code. Once the credentials are extracted, an attacker is able to do the following:

  1. Create or shut down Amazon EC2 hosts
  2. Add or delete Amazon S3 storage servers
  3. Manipulate SNS and SQS services
  4. Access other API functions, such as accessing backup volumes/snapshots and changing security group settings

Trustlook reported this vulnerability to Audible as soon as it was discovered. As of today, Audible's newest version has this issue fixed. However, it is possible that unauthorized access and data leakage happened before this patch.

The original record can be found at: http://blog.trustlook.com/2014/05/05/audible_vulnerability/ 

About Trustlook Inc. 
Founded in 2013 and headquartered in Silicon Valley, Trustlook is a global leader in next-generation mobile security solutions. Trustlook pioneers and provides the first APT (advanced persistent threat) mobile security solutions to detect and address zero-day and advanced malware. For more information, please visit blog.trustlook.com.

Media Contacts 
Trustlook
Tianfang Guo
(408) 658-0826
pr@trustlook.com 
