An Interest In:
Web News this Week
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
Some of Our Sources
- Simplebits
- Team Treehouse
- Fuel Your Creativity
- Web Designer Depot
- Crazy Leaf Design
- Fudge Graphics
- Web Design Ledger
- Line 25
- Freelance Switch
- Daily Now
Help Webnuz
Referal links:
May 9, 2019 12:45 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DQlCtjt6pIc/samsung-spilled-smartthings-app-source-code-secret-keys
Samsung Spilled SmartThings App Source Code, Secret Keys
Mossab Hussein, a security researcher at SpiderSilk, has discovered that a development lab used by Samsung engineers was leaking highly sensitive source code, credentials and secret keys for several internal projects -- including its SmartThings platform. TechCrunch reports: The electronics giant left dozens of internal coding projects on a GitLab instance hosted on a Samsung-owned domain, Vandev Lab. The instance, used by staff to share and contribute code to various Samsung apps, services and projects, was spilling data because the projects were set to "public" and not properly protected with a password, allowing anyone to look inside at each project, access and download the source code. Hussein said one project contained credentials that allowed access to the entire AWS account that was being used, including more than 100 S3 storage buckets that contained logs and analytics data. Many of the folders, he said, contained logs and analytics data for Samsung's SmartThings and Bixby services, but also several employees' exposed private GitLab tokens stored in plaintext, which allowed him to gain additional access from 42 public projects to 135 projects, including many private projects. Samsung told him some of the files were for testing but Hussein challenged the claim, saying source code found in the GitLab repository contained the same code as the Android app, published in Google Play on April 10. The app, which has since been updated, has more than 100 million installs to date.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/DQlCtjt6pIc/samsung-spilled-smartthings-app-source-code-secret-keys
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot