SAN JOSE, CA--(Marketwired - May 08, 2014) - Audible, a popular audio book App, has found a critical vulnerability that could allow attackers to gain access of its cloud infrastructure, said Trustlook, a mobile security start-up in San Jose.
Trustlook discovers that Audible's AWS credentials has been hardcoded onto the App's binary code, once being extracted, an attacker is able do the following:
- Create or shut down Amazon EC2 hosts
- Add or delete Amazon S3 storage servers
- Manipulate SNS and SQS services
- Access other API functions such as access backup volumes/snapshots and change security group settings
Trustlook has reported this vulnerability to Audible as soon as it was discovered. As of today, Audible's newest version has this issue fixed. However, it is possible that unauthorized access and data leakage has happened before this patch.
The original record can be found at: http://blog.trustlook.com/2014/05/05/audible_vulnerability/
About Trustlook Inc.
Founded in 2013 and headquartered in Silicon Valley, Trustlook is a global leader in next-generation mobile security solutions. Trustlook pioneers and provides the first APT (advanced persistent threat) mobile security solutions to detect and address zero-day and advanced malware. For more information, please visit blog.trustlook.com.