Tag: mobile app vulnerabilities

Mobile apps using Baidu code are leaking personal info

Thousands of applications running on this code have been found to be collecting and sharing private data.

According to researchers at Citizen Lab in Canada, there are currently thousands of popular mobile apps that are running code created by Baidu, the internet giant from China, and the code has been causing those applications to collect the personal information of the users and transmit it to the company.

The researchers pointed out that a great deal of that personal information would be very easy to intercept.

It is estimated that the mobile apps using Baidu’s code have had hundreds of millions of downloads. The researchers have traced the issue back to problems in the software development kit (SDK) by Baidu for creating Android applications. The mobile security threat applies to the Baidu browser as well as the apps that were created by the company and other firms that employ the same SDK in their app development. That said, while it was primarily Android applications that were affected, the Windows browser from Baidu was also among them.

The same researchers said that comparable types of security issues were present in the Alibaba UC Browser mobile app.

The UC Browser from Alibaba and another popular mobile browser that is broadly downloaded and used in the largest internet market on the planet have also both been affected by unsecured personal data transmission.

That said, while Alibaba has already moved forward and repaired the vulnerabilities, Baidu had yet to complete that task at the time this article was written. The company was, however, in the process of repairing the holes in the kit’s encryption. Still, it admitted that it would not cease to collect data for commercial use. Some of the data collected by Baidu will also be shared with third parties. Still, the company said that it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”

Among the unencrypted information collected through the Baidu code-based mobile apps are the search terms that have been used by the user, his or her website visits, and his or her location, according to the Citizen Lab chief researcher, Jeffrey Knockel.

Mobile security concerns exist in parking meter apps

A recent investigation from NCC Group has revealed that these applications are vulnerable to being hacked.

Researchers from NCC Group have now completed an investigation that has revealed that there could be greater mobile security concerns associated with parking meter apps than most users likely realize.

The researchers explained that many of these mobile apps are open to cyber attacks from hackers.

Companies using mobile apps to allow people to pay for their parking in the United Kingdom have been doing so in order to offer additional convenience through this alternative method. However, according to this research, the people who are using these apps may also be increasing their risk of mobile security problems. This typically affects people who have smartphones based on the Apple and Android operating systems.

It was the mobile security of the Android applications that underwent the majority of the investigation by NCC.

The researchers looked into the various kinds of security vulnerabilities that can impact these specific kinds of mobile apps. They wanted to look into those applications as a whole, as opposed to examining individual apps and labeling them as somehow different from the rest. Therefore, they did not name the specific apps that were studied in the report. Instead, they published their results in general terms with regard to paid parking apps.

The assessment of the security of these apps was focused on the amount of attack surface that was available on Android-based smartphones, including the vendor’s APK and any data that would be stored on the mobile device because of the interactions with the online support servers. At the same time, at no point in this research were investigations made into problems that could result from manipulating data sent to the server. Therefore, this research did not represent the same level of results that would have been achieved if the apps had undergone thorough penetration testing.

The mobile security conclusion of the team at NCC was that almost all the applications they investigated had been “affected by security vulnerabilities – some more serious than others.” They pointed out that mediocre cryptographic implementation was among the most common trends from one app to the next.