Analysis: Thousands of Enterprise Apps Exposing Data on Back-End Servers (Naked Security)


Something is going badly wrong with the way the mountain of big data generated by enterprise mobile apps is being stored on back-end servers, a new analysis has shown.

In March, a company called Appthority worked out how to scan these stores in an automated way, a technique akin to turning over a large, damp stone to count the creepy-crawlies underneath.

The scan found terabytes of potentially exposed data sitting in the MongoDB, MySQL, CouchDB, Redis, and Couchbase database platforms, before the researchers homed in on the popular Elasticsearch enterprise search tool to get a handle on the scale of the problem.

The team worked back from unsecured Elasticsearch stores to trace which apps had created them, before analysing one million Android and iOS enterprise apps to see whether any were sending data to unsecured locations.