Industry Expert Blogs

Security researchers at Fraunhofer Institute have identified widespread data vulnerabilities in the way that many mobile applications use and access data stored in cloud databases [1,2]. The data stored in these databases includes privacy sensitive information such as users' addressbooks and contact databases, social security numbers, healthcare information and similar sensitive data.

While this is disappointing, it is not surprising. The research found that stored data used simple obfuscation techniques to try to hide it in random locations on the cloud servers, often using the same data to initialize the obfuscation scheme for all copies of the same application. Data sent to and from the cloud was often sent through unprotected plain text network connections rather than using an end-to-end secure protocol like TLS (SSL).