Saturday, 13 August 2022

MacKeeper did not keep security in mind when building their own systems


You know that awkward moment when your security company fails and ends up exposing your data? Well, that is happening with a less-than-loved Mac application called MacKeeper. It seems that they forgot all about data management and security. That being said, MacKeeper and its developer, Kromtech Alliance, are not known for being a wonderful application in the Mac world. For the most part they are known as something to be avoided, but that does not mean that people have not bought and installed their software.

This fact was made painfully clear when Chris Vickery, a security researcher, ran a Shodan search and stumbled upon their MongoDB database sitting exposed on the internet. Vickery was bored (according to his Reddit post) and just ran a search for port:27017. What he got back was very surprising.

Vickery found that the MongoDB instance was open to the world. There was no authentication and no user verification, and about 13 million MacKeeper users were exposed. The exposure was not just user names, but IP addresses and other information. Fortunately, Kromtech uses a third-party payment system; otherwise we are fairly certain that credit cards would have been exposed as well.

Vickery contacted Kromtech and informed them of the issue. They were fairly quick in responding and patched up the one exposed IP. Vickery found two additional IPs that were leaking the data and had to go back to Kromtech to get them to fix those openings. As of this writing it seems that these systems are no longer open to the world, but we do wonder if the fix was simply to obscure the data rather than one that properly protects it.
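
As an added example (not from the original article or from Kromtech), the Python sketch below audits a mongod.conf for the two settings behind this kind of exposure: a listener bound to all interfaces and access control left off. The sample configs are constructed, and the small parser only handles the two-level layout shown here.

```python
import ipaddress

# Constructed sample configs for illustration; not Kromtech's actual settings.
EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED = """\
net:
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private interface
security:
  authorization: enabled
"""

def parse_sections(text):
    """Parse the 'section:' / '  key: value' subset of YAML used in these samples."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not line[0].isspace():      # unindented line starts a new section
            section = key
            conf.setdefault(section, {})
        elif section is not None:
            conf[section][key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    conf, findings = parse_sections(text), []
    net, sec = conf.get("net", {}), conf.get("security", {})
    binds = [b.strip() for b in net.get("bindIp", "").split(",") if b.strip()]
    if net.get("bindIpAll", "").lower() == "true":
        binds.append("0.0.0.0")
    for b in binds:
        try:
            ip = ipaddress.ip_address(b)
        except ValueError:
            continue                   # hostnames/socket paths: out of scope here
        if ip.is_unspecified:
            findings.append(f"listens on all interfaces ({b})")
        elif not (ip.is_loopback or ip.is_private):
            findings.append(f"listens on public address {b}")
    if sec.get("authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not enabled")
    return findings
```

A clean result from audit() only covers the config file; firewall rules and the accounts defined inside the database still need their own review.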

This incident, although it involves a less-than-loved vendor, illustrates one of the problems with how vendors and developers view security. We are fairly certain that Kromtech did not intentionally expose user data. They simply did not understand what was happening. It is their responsibility to understand and to be paranoid about their user information. Sadly, this is not common practice, and user information is far too often the casualty of this type of failure…
