Introduction
We already touched on this topic a little in the first chapter, M1.2016, but it is a bit more complicated than it seems at first. Gaining something from this vulnerability is not very easy, though. The bad actor needs access to the device or needs to have an app installed that has access to the storage on the victim's mobile device. This makes the attack vector a little more complicated, but there is still a possibility of very big impact if the incorrectly stored data is sensitive information, partially due to the easy exploitability.
Attack vector
When an attacker has physical access to the mobile device and can unlock it, they can hook it up to a computer and read out its data. If the attacker can't gain access, though, they can craft an exploit app to read all the public data and send it to the attacker. An attacker can even modify existing apps to do this and hide their true intentions in an innocent-looking app like Flappy Bird, which will steal all the user's public data in the background.
Security Weakness
It is very important that developers learn how to securely store data, because if they do not and accidentally store sensitive data in an insecure location, a bad actor may have access to those files…