Security Loophole in Amazon Allows Hackers Unauthorized Access
Security research firm FireEye recently found a hole in Amazon's mobile application that could threaten the security of its users. FireEye, a global security company, reported an exploit to Amazon in the early weeks that they expect hackers have used to gain unauthorized access to Amazon accounts. The weakness FireEye found was caused by the application not limiting incorrect login attempts. Such limits are found on nearly every website today; they stop hackers from brute-forcing their way into users' accounts. FireEye released this statement on the topic:
“As there is no limitation to the number of incorrect passwords and there are no CAPTCHA options for App Users, Attackers can easily use Brute-Force method to crack passwords.”
No official statements from Amazon have been reported. A fix for this flaw wasn’t issued until several days after the exploit was reported. It is highly recommended that you update Amazon’s mobile applications on iOS and Android. The official website and mobile application can now prevent these brute-force attacks from occurring. In a brute-force attack, hackers spam commonly used passwords at user accounts in hopes of cracking the password. Hackers typically use password lists and can crack millions of commonly used passwords in seconds.
It is recommended that you never use the same password for any two websites. Creating a secure password with capital letters, numbers, and characters ($@*^) can prevent such attacks from happening. Programs such as LastPass can create and remember secure passwords for you.
FireEye has found flaws very similar to this one in many other popular mobile applications. Such a simple flaw is more common than people think. We hope more mobile developers start adding more methods of authentication and security protocols, as passwords are becoming easily cracked. With many free tools on the market performing simple hack attacks, more methods of authentication are vital. Two-step authentication, a free security method, can add extra layers of security to your current setup. The more methods of authentication, the harder time hackers have stealing data.