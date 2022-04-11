

Mismanaged cloud services put user data at risk

By Eric Pauley, PhD student in Computer Science and Engineering, Penn State
The Conversation U.S.
Cloud services that aren't properly managed can 'leak' data into the wrong hands. id-work/DigitalVision Vectors via Getty Images

The Research Brief is a short take about interesting academic work.

The big idea

Organizations’ failure to properly manage the servers they lease from cloud service providers can allow attackers to receive private data, research my colleagues and I conducted has shown.

Cloud computing allows businesses to lease servers the same way they lease office space. It’s easier for companies to build and maintain mobile apps and websites when they don’t have to worry about owning and managing servers. But this way of hosting services raises security concerns.

Each cloud server has a unique IP address that allows users to connect and send data. After an organization no longer needs this address, it is given to another customer of the service provider, perhaps one with malicious intent. IP addresses change hands as often as every 30 minutes as organizations change the services they use.

When organizations stop using a cloud server but fail to remove references to the IP address from their systems, users can continue to send data to this address, thinking they are talking to the original service. Because they trust the service that previously used the address, user devices automatically send sensitive information such as GPS location, financial data and browsing history.

An attacker can take advantage of this by “squatting” on the cloud: claiming IP addresses to try to receive traffic intended for other organizations. The rapid turnover of IP addresses leaves little time to identify and correct the issue before attackers start receiving data. Once the attacker controls the address, they can continue to receive data until the organization discovers and corrects the issue.
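The defensive counterpart to the problem described above is an audit that finds references still pointing at addresses the organization has released. The sketch below is an added example, not part of the original article or the study's tooling; the record sources (DNS entries, app configuration), the sample addresses (documentation ranges) and the function name are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real assets).
PROVIDER_RANGES = ["198.51.100.0/24", "203.0.113.0/24"]  # pool the cloud provider reassigns from
CURRENTLY_LEASED = {"198.51.100.10", "203.0.113.7"}       # addresses the organization holds today
REFERENCES = [                                            # where the organization's systems point
    ("dns:A api.example.com", "198.51.100.10"),
    ("dns:A tracker.example.com", "198.51.100.44"),
    ("mobile-app config: telemetry_host", "203.0.113.99"),
    ("dns:A www.example.com", "192.0.2.5"),
    ("legacy config: backup_host", "not-an-ip"),
]


def find_stale_references(references, leased, provider_ranges):
    """Return (stale, unparsable): references into the provider pool that the
    organization no longer leases, and entries that are not IP literals."""
    pool = [ipaddress.ip_network(r) for r in provider_ranges]
    held = {ipaddress.ip_address(a) for a in leased}
    stale, unparsable = [], []
    for source, target in references:
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            # Hostnames or typos cannot be checked here; surface them for review.
            unparsable.append((source, target))
            continue
        in_pool = any(addr in net for net in pool)
        if in_pool and addr not in held:
            # A released address can be handed to another customer at any time.
            stale.append((source, str(addr)))
    return stale, unparsable


if __name__ == "__main__":
    stale, unparsable = find_stale_references(REFERENCES, CURRENTLY_LEASED, PROVIDER_RANGES)
    for source, addr in stale:
        print(f"STALE  {source} -> {addr} (released address; remove the reference)")
    for source, target in unparsable:
        print(f"REVIEW {source} -> {target!r} (not an IP literal; resolve and re-check)")
```

Because addresses can change hands within minutes, a check like this is most useful when it runs before an address is released, so the reference is removed first.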

Poorly managed cloud services are another opportunity for attackers to steal data. Video by Penn State.

Our study of a small fraction of cloud IP addresses found thousands of businesses that were potentially leaking user data, including data from mobile apps and advertising trackers. These apps initially intended to share personal data with businesses and advertisers, but instead leaked data to whoever controlled the IP address. Anyone with a cloud account could collect the same data from vulnerable organizations.

Why it matters

Smartphone users share personal data with businesses through the apps they install. In a recent survey, researchers found that half of smartphone users were comfortable sharing their locations through smartphone apps. But the personal information users share through these apps could be used to steal their identity or hurt their reputation.

Personal data has seen increasing regulation in recent years, and users may be content to trust the businesses they interact with to follow those regulations and respect their privacy. But these regulations may not sufficiently protect users. Our research shows that even when companies intend to use data responsibly, poor security practices can leave that data up for grabs.

Users should know that when they share their private or personal data with companies, they are also exposed to the security practices of those companies. They can take steps to reduce this exposure by reducing how much data they share and with how many organizations they share it.

What other research is being done in this field

Academics and industry are focusing on responsible collection of user data. A recent push by Google aims to reduce collection of users’ personal data by mobile advertisements, ensuring that their security and privacy are protected.

At the same time, researchers are working to better explain what applications do with the data they collect. This work aims to ensure that the data users share with applications is used how they expect by matching permission prompts with how the apps actually behave.

What’s next

We’re conducting research into new technologies on smartphones and devices to ensure they protect user data. For instance, research led by a colleague of mine describes an approach to protect personal data collected by smart cameras. Our vantage point on traffic in the public cloud is also enabling new studies of the internet as a whole. We are continuing to work with cloud providers to ensure that user data stored on the cloud is secure, and are introducing techniques to prevent businesses and their customers from being victimized on the cloud.

Eric Pauley receives funding from the National Science Foundation Graduate Research Fellowship Program under Grant No. DGE1255832. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the National Science Foundation.

This article is from The Conversation US, which brings news and analysis from academic experts directly to the public.
