Popular Mobile Travel Apps Have Critical Security Issues: Report

  • 15 September 2015
  • 0 replies
  • 2 views

Userlevel 7
By SecurityWeek News on September 15, 2015 Developers of mobile travel applications are more focused on features that boost the user experience than on ensuring increased security for their programs and customer data, a recent report from Bluebox Security reveals.
According to the mobile security company, even the top 10 most popular mobile travel apps lack proper security, and all of the analyzed programs include critical flaws. The issues impact applications designed for popular mobile platforms including Android and iOS.
The firm notes that many developers have created numerous points of entry for attackers to access sensitive data by overlooking the security of their apps.
In their analysis, Bluebox researchers found that only one in ten Android travel apps encrypts data stored on mobile devices, leaving data such as usernames, passwords, e-mail and server addresses, and credit card numbers easily accessible to attackers. None of the ten iOS programs examined leveraged encryption of stored data.
The study also uncovered that certificate pinning was present in only two of the ten Android apps and in one of the ten iOS programs and that it was used only on a portion of the network connection. Thus, the rest of the examined software left users vulnerable to man-in-the-middle attacks that can leak data in transit.
 
 
full article

0 replies

Be the first to reply!

Reply