SafeUM
10 Sep 2014

Hundreds of Android, Amazon Apps Vulnerable to Man-in-the-Middle Attack

Security researcher Will Dormann of the US Computer Emergency Response Team (CERT) reported this week that over 350 apps from the Google Play and Amazon App stores are exposed by a flaw: they fail to validate certificates on Secure Sockets Layer (SSL) connections.

The bug, which opens up many popular mobile applications such as the eBay mobile shopper and the Microsoft Tech Companion to fairly rudimentary man-in-the-middle attacks, has been tracked and logged by the CERT team for only about a week now.

But instead of waiting the standard 45 days to silently communicate the problem to the affected companies, giving them a chance to get out in front of the issue with appropriate patches, CERT has opted to go public as soon as possible due to the severity and wide-reaching implications of what the attack could do if left unchecked for too long.

Due to the sheer number of affected programs, CERT has posted a constantly updated document that gives any developers caught up in the issue the chance to check whether or not their code is at risk of an attack.
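
As an added example (not from the article or from CERT), here is a small Python check a developer could run over their own Java source to flag patterns that commonly disable certificate validation on Android. The rule set and the sample source are assumptions constructed for illustration; the article does not say which mistake each listed app made.

```python
import re

# Source patterns that commonly switch off TLS certificate validation in Android
# apps (assumed typical causes; the article does not say which one each app had).
RULES = {
    "empty-trust-manager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "permissive-hostname-verifier": re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}"),
    "allow-all-hostnames": re.compile(
        r"\bALLOW_ALL_HOSTNAME_VERIFIER\b|\bAllowAllHostnameVerifier\b"),
    "webview-ignores-ssl-error": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}
_COMMENTS = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)

def scan(source):
    """Return sorted (line_number, rule) findings for one Java source string."""
    # Blank out comments but keep newlines so line numbers stay correct.
    # Naive: a "//" inside a string literal is blanked too.
    code = _COMMENTS.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings = []
    for rule, pattern in RULES.items():
        for m in pattern.finditer(code):
            findings.append((code.count("\n", 0, m.start()) + 1, rule))
    return sorted(findings)

# Constructed sample input, not taken from any real app.
SAMPLE = '''\
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        // accept every certificate
    }
}
class Delegating implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a)
            throws CertificateException {
        platformTm.checkServerTrusted(c, a);  // real validation
    }
}
class Client extends WebViewClient {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {
        h.proceed();
    }
}
// sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
'''
```

Calling `scan(SAMPLE)` flags the empty trust manager and the WebView handler, and skips both the delegating trust manager and the commented-out hostname verifier line.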

“If an attacker is interested in performing MITM attacks, they’re already doing it,” writes Dormann. “That cat is already out of the bag. They’ve likely set up a rogue access point and are already capturing all of the traffic that passes through it. Knowing which specific applications are affected does not give any advantage to an attacker.”

Perhaps most worrying is the weakness in the Coles Credit Card app, which is used to pay for groceries and goods at the Australian supermarket chain. If properly exploited, the hole could allow deviants to sniff out financial information, which might then be used to steal a user’s identity without their knowledge.

Although POS scams have taken the reins as one of the foremost methods that underground rings have depended on to commit financial crimes in 2014, more classical routes of intrusion are still proving themselves a fruitful battleground for anyone who may have less experience with the relatively new technologies and malware programs required to pull off a successful POS hack.

By simply cracking the username/password combos on the app, attackers would then be able to read through all the stored credit and debit cards on a person’s phone, which can easily be duped onto faux cards and drained at an ATM or used for large purchases at various retailers who are known for looking the other way when it comes to checking the ID of the person standing at the cashier.

CERT has advised all users of Google Play and the Amazon line of mobile devices to keep a close eye on its list to check if any of their installed apps pop up within the next several weeks. It also instructs anyone who gets a match to immediately uninstall any apps that could still be vulnerable until a patch can be applied across all the affected platforms.

Tags: Android, Amazon, Microsoft, information leaks, Google Play

Source: VPN Creative