A critical security flaw in the popular Android application Barcode to Sheet raises severe concerns about the safety of user data and enterprise information.
The app currently has 100,000 downloads on Google Play and an impressive 4.5-star rating. Barcode to Sheet has become one of the most popular choices among e-commerce clients that need a barcode scanner to transfer data seamlessly to various spreadsheet-compatible formats.
Unfortunately, the app's Firebase database, containing 368MB of sensitive data, was recently found to be open. Firebase is a real-time data storage service commonly used by apps to store the data they collect; in this case, the developers left the storage, and all the information in it, accessible to anyone.
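An open Firebase Realtime Database of the kind described above is usually the result of rules that grant `.read` or `.write` to anyone. The following is an added example, not code from the article or from the Barcode to Sheet app: it shows a constructed fully open ruleset beside a constructed per-user ruleset, and a small audit that walks a rules tree and reports every path accessible without authentication.

```python
"""Audit Firebase Realtime Database rules for unauthenticated access.

Constructed example, not Barcode to Sheet's real rules. Firebase rules are
JSON; the two rulesets below are written as Python dicts so the audit can
run offline.
"""

# Constructed weak ruleset: Firebase "test mode" defaults leave the whole tree open.
OPEN_RULES = {"rules": {".read": True, ".write": True}}

# Constructed hardened ruleset: deny by default, each user may only touch their own subtree.
PER_USER_RULES = {
    "rules": {
        ".read": False,
        ".write": False,
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid == $uid",
                ".write": "auth != null && auth.uid == $uid",
            }
        },
    }
}


def _is_world_open(expr) -> bool:
    """Heuristic: a rule is world-open if it is literally true or never consults auth."""
    if expr is True:
        return True
    if isinstance(expr, str):
        normalized = expr.strip().lower()
        if normalized == "true":
            return True
        # An expression that never references auth cannot distinguish anonymous callers.
        return "auth" not in normalized and normalized != "false"
    return False


def find_public_paths(rules: dict) -> list:
    """Return (path, permission) pairs granted to anyone on the internet."""
    findings = []

    def walk(node: dict, path: str):
        for key, value in node.items():
            if key in (".read", ".write"):
                if _is_world_open(value):
                    findings.append((path or "/", key))
            elif isinstance(value, dict):
                walk(value, f"{path}/{key}")

    walk(rules.get("rules", {}), "")
    return findings
```

Running the audit on `OPEN_RULES` flags the root path for both permissions, while `PER_USER_RULES` yields no findings.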
Barcode to Sheet exposes troves of ‘sensitive’ data.
The exposed data includes plaintext information on products, reports, emails, and user IDs. In addition, the app stores these details using the MD5 hash function, which is known to be weak.
Although MD5 is used to protect passwords, it has well-known weaknesses that can be exploited without sophisticated programming skills.
This open server also holds crucial client-side information, such as access keys and IDs that should be exclusive to the app's developers. The confirmed details found on the server include the web client ID, Google API key, Google app ID, and crash reporting key, among others. Access to these details could allow attackers to execute phishing attacks more effectively.
The impact of this security vulnerability extends beyond the immediate threat since the exposed database contained a significant amount of data for an app with half a million users. Furthermore, such datasets typically leak to the dark web, where criminals leverage and spread personally identifiable information (PII) for financial gain and identity theft.
These markets also offer credit card and social security numbers, which can be bought for less than $20, so the incident described above could severely affect the app's users.
Among thousands of users, a single victim of this vulnerability could be all an attacker needs to turn the exposure into a significant attack. Organisations that use this Android app should therefore adopt robust security measures and exercise more caution to avoid a compromise.