The mishandling of these cloud-based solution services revealed personal information like passwords, email addresses, device location, private messages, user identifiers, and more. For example, Astro Guru – an astrology app downloaded more than 10 million times – exposed its users’ personal info and payment details due to unsecured syncing, which could have been avoided with appropriate identity theft protection. Similarly, Check Point’s researchers managed to acquire chat messages exchanged between drivers and passengers on the T’Leva taxi app. Over 50,000 users had their in-app correspondence leaked with a single request sent to the app’s real-time database. Users’ full names, locations, and phone numbers were also contained in the leak. The last example is a screen-recording and storing app called Screen Recorder; the app has over 10 million users. Its developers embedded access keys in the same database they used to store recordings, essentially offering them to anyone who decided to look.
Julia A. is a writer at SmallBizGenius.net. With experience in both finance and marketing industries, she enjoys staying up to date with the current economic affairs and writing opinion pieces on the state of small businesses in America. As an avid reader, she spends most of her time poring over history books, fantasy novels, and old classics. Tech, finance, and marketing are her passions, and she’s a frequent contributor at various small business blogs.
Originally released in November 2020 as part of the Square for Restaurants POS software package, Square KDS has now become available as a stand-alone product. Some other big names in the restaurant industry, such as Kitchen United, have focused on developing their own solutions to keep up with the new trends, but smaller businesses rarely have enough time and funds to do so, making solutions such as Square KDS even more valuable. Square’s new product is currently available as a standalone in the UK, US, Canada, Australia, and Ireland. Square is currently offering a special price for this new solution, standing at $10 per month per device until the end of 2021. Alternatively, users can get it if they opt for Square’s Plus plan, which costs $60 per month per location. Large businesses might also consider purchasing Square’s Premium plan, which can be tailored to a particular restaurant’s needs.
Square, a popular payments system, has recently launched its new product, Square KDS, a display system for restaurants that focus on delivery and don’t necessarily have a front-of-house or even a POS system. Square’s Kitchen Display System helps restaurants streamline their processes, connecting the front-of-house to the back-of-house and order fulfillment. Likewise, orders from delivery apps and the Square Online site are all sent directly to the kitchen via Square KDS. It has already replaced post-it notes in many restaurants due to its ease of use. Restaurant owners can also benefit from additional features, such as ticket timers, performance reports, and notifications that can be customized to meet the restaurants’ specific needs. It seems that Square has jumped to cater and adapt to the pandemic-related trend of delivery-only restaurants. These ghost kitchens and other businesses that don’t have a front-of-house can take advantage of Square’s technology.
Check Point Software Technologies researchers gained access to the data of over 100 million Android users due to misconfigured cloud-based storage solutions. They published their findings on May 20, citing 23 highly sought-after mobile apps as dangerous for internal user data due to oversights in cloud-based-storage security configurations. Real-time databases, cloud-based storage, and notification managers were misconfigured, leaving both developers and users exposed. Both secret and access keys were embedded in the same service that stores personal data.
Cloud storage on mobile apps is a very convenient solution for developers. However, this widespread mishandling of configuration and implementation put both developer and user data at risk. Check Point Software researchers have found dozens of cases where developers tried to hide how they keep cloud service keys in their apps by providing a solution that doesn’t fix the issue. Researchers had contacted Google and app developers before they published their findings. However, only a few apps have evaluated their configuration since.