
Research on the overexposure of Amazon credentials in mobile apps


Page 1: Research on the overexposure of Amazon credentials in mobile apps

1 INTRODUCTION ... 3

1.1 IDENTITY MANAGEMENT IN AMAZON AWS ... 3

2 IDENTIFYING THE PROBLEM ... 4

3 DATA ANALYSIS ... 6

4 ATTACK SCENARIOS AND HYPOTHESIS ... 8

5 CONCLUSIONS AND RECOMMENDATIONS ... 8

[Page 3 figure: TOTAL NUMBER OF APPS PER MARKET. X axis: year (2010 to 2014); Y axis: total number of apps (0 to 1,500,000). Series: Apple Store, Google Play, Amazon Appstore.]


# Fill in your AWS Access Key ID and Secret Access Key
# http://aws.amazon.com/security-credentials
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# This sample App is for demonstration purposes only.
# It is not secure to embed your credentials into source code.
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
accessKey=AKIAJZUGBMWUTJOS2A
secretKey=0OvgWIKJ3EnsmSSpw1HPzV3VgWA643LCBTfPHW+


[Page 6 figure 1: Availability of the analyzed apps in the markets. Available: 93%; Not available: 7%.]

[Page 6 figure 2: Different AWS access key found. Operational (37): 58.7%; Not operational (26): 41.3%.]


[Page 7 figure 1: Sharing of access keys for different apps. Y axis: 0 to 16 (steps of 2).]

[Page 7 figure 2: Total number of operational access keys. Values shown: 22 and 15. Legend: Credentials allowing full control; Credentials allowing write.]


The information disclosed in this document is the property of Telefónica Digital Identity & Privacy, S.L.U. (“TDI&P”) and/or any other entity within Telefónica Group and/or its licensors. TDI&P and/or any Telefónica Group entity or TDI&P’s licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDI&P.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for any other use.

TDI&P shall not be liable for any loss or damage arising out of the use of any information in this document, any error or omission in such information, or any incorrect use of the product or service. The use of the product or service described in this document is regulated in accordance with the terms and conditions accepted by the reader.

TDI&P and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks. All rights reserved.