Explore the results of an internet-scale analysis of AWS Cognito security configurations in this 48-minute conference talk from Ekoparty 2019. Delve into the identification of 2500 identity pools, granting access to over 13000 S3 buckets, 1200 DynamoDB tables, and 1500 Lambda functions. Begin with an introduction to AWS Cognito and its configuration for end-user access to AWS resources. Examine step-by-step demonstrations of configuration weaknesses in specific AWS accounts and Cognito identity pools. Learn about the automation techniques used for large-scale analysis, including the extraction of Cognito identity pool IDs from thousands of decompiled Google Play Store APKs and Common Crawl data. Discover the in-depth permission brute-force tool used to identify potential breaches of the least privilege principle. Gain valuable recommendations for secure Cognito configuration and insights into the widespread nature of this issue. Presented by Andrés Riancho, an application and cloud security expert known for leading the open-source w3af project and his contributions to AWS and GCP cloud security research.