Almost half of the mobile app replacements in Russia are vulnerable. Often, access to data in these programs can be obtained without permission, and protection from hackers is extremely weak.
The Danger of Web Applications for Users
Critical vulnerabilities were found in 46% of Russian web applications, which could lead to data leaks, according to a study by Solar, which is part of the Rostelecom group. These vulnerabilities pose a danger not only to private users, but also to corporate ones. If a web application provides access to the company's information systems, such as email, this can lead to serious consequences. The company noted that more than half of the analyzed web applications of Russian companies have a low and medium level of security.
Web applications are programs that run directly in the browser. They do not need to be downloaded or installed on devices. They allow you to make payments, subscribe, order goods, and work with documents. This makes them convenient for users. Examples of such applications are online banking, online stores, and cloud services for storing and working with files.
Lack of control over employee access rights can lead to an internal or external attacker gaining illegal access to the widest range of information. For example, a bank employee receives information about the movement of funds in all clients' accounts and can use such data for malicious purposes.
Among the problems of web applications, insufficient encryption, insecure processing or storage of confidential information, such as credit card numbers, passwords, and personal data of customers, were also mentioned.
Anna Golushko, senior analyst at the Positive Technologies research group, notes that successful attacks on companies' web applications can lead to infection of devices with malicious software, for example, for remote access. In addition, hacked web applications can redirect users to various phishing sites. As a result, consumers face serious consequences, such as leakage of confidential data, loss of funds, inclusion of the device in a botnet, and others.
Why Are Web Applications Vulnerable?
Managing partner of Comnews Research Leonid Konik noted that the main vulnerability of web applications is the threat of unauthorized access to users' personal accounts. In second place in terms of danger is the possibility for a fraudster to gain access to functions and content.
Personal data periodically leaks from at least half of web applications, and user identifiers end up in the hands of attackers even more often. But downloadable mobile services are also dangerous.
They request access to various data, such as a list of contracts, photos and videos on the device, as well as location, Konik noted. Many users mindlessly give such permissions. However, often the application collects information without notifying the user. At the same time, the data is usually transmitted over open channels.
Earlier, www1.ru reported that despite the fact that users can delete their accounts on social networks, some of the data still remains on company servers. Ekaterina Edemskaya, an engineer-analyst at Gazinformservice, explained that this is due to legal requirements, commercial interests, and the specifics of information storage.
Read More on This Topic:
«Don't fall for sweet promises»: the main rules for data protection on the Internet
Targeting small businesses: Internet fraudsters began to deceive sellers through fake payments
Fraudsters can use your voice and face to withdraw money from accounts
