Remember a month ago when I wrote about SolarWinds committing what can only be described as professional malfeasance by hard-coding credentials into one of their applications? It seemed worth writing about because, after all, that was surely an unusual situation.
It turns out, not so much. The Register has a disturbing article about some research by Symantec Security that found hard-coded credentials in several smartphone apps. You Apple people can stop smirking because our favorite platform is not immune either.
The researchers, Yuanjing Guo and Tommy Dong, dryly describe this as the result of “lazy programming”. Incompetence and failure to exercise due caution is a better description. The article lists the apps found to have the hard-coded credentials but warns that there are probably others. Happily, the Irreal Bunker doesn’t use any of those apps, but who knows what else is out there.
There really should be sanctions for this sort of thing. Both for the engineers responsible and for the companies involved. I don’t want to see anyone fired, but the engineers responsible should suffer some penalty, if only pour encourager les autres. The companies should also suffer some penalty, although it’s hard to see by whom or how it would be applied. One thing is for sure: that behavior cannot be allowed to continue.