NNSquad - Network Neutrality Squad
[ NNSquad ] Personal banking apps leak info through phone
Personal banking apps leak info through phone
http://j.mp/1aoJnV2 (IOActive)
"Many of the apps (90%) contained several non-SSL links throughout the
application. This allows an attacker to intercept the traffic and
inject arbitrary JavaScript/HTML code in an attempt to create a fake
login prompt or similar scam. Moreover, it was found that 50% of the
apps are vulnerable to JavaScript injections via insecure UIWebView
implementations. In some cases, the native iOS functionality was
exposed, allowing actions such as sending SMS or emails from the
victim's device."
- - -
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
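
An added example, not part of the original post or the IOActive report: a static check that a reviewer could run over an extracted app binary to list the non-SSL links the quote refers to, and to note whether the binary also references UIWebView. The function names, the benign-prefix list and the sample bytes are assumptions constructed for illustration.

```python
import re

# Printable-ASCII runs of 6+ bytes, similar to what the Unix `strings` tool extracts.
_STRINGS = re.compile(rb"[\x20-\x7e]{6,}")
_HTTP_URL = re.compile(r"http://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# Assumption: DTD/namespace identifiers that look like URLs but are not links the app follows.
BENIGN_PREFIXES = ("http://www.apple.com/DTDs/", "http://www.w3.org/")

# Constructed sample input: a few strings as they might sit inside an app binary.
SAMPLE_BLOB = (
    b"\x00\x01_OBJC_CLASS_$_UIWebView\x00\x07"
    b"https://api.bank.example/v1/login\x00"
    b"http://static.bank.example/help/index.html\x00\xff"
    b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
    b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\x00'
    b"http://m.bank.example/promo?id=7\x00"
)


def extract_strings(blob: bytes) -> list:
    """Return the printable strings embedded in a binary blob."""
    return [m.group().decode("ascii") for m in _STRINGS.finditer(blob)]


def audit(blob: bytes) -> dict:
    """List cleartext http:// links and flag UIWebView references."""
    cleartext, ignored = set(), set()
    uses_uiwebview = False
    for s in extract_strings(blob):
        if "UIWebView" in s:
            uses_uiwebview = True
        for url in _HTTP_URL.findall(s):
            url = url.rstrip(".,;)'\"")  # trailing punctuation is not part of the link
            (ignored if url.startswith(BENIGN_PREFIXES) else cleartext).add(url)
    # Cleartext content plus a web view is the combination the quote warns about.
    if cleartext and uses_uiwebview:
        priority = "high"
    elif cleartext:
        priority = "normal"
    else:
        priority = "low"
    return {
        "cleartext_urls": sorted(cleartext),
        "ignored_identifiers": sorted(ignored),
        "uiwebview_referenced": uses_uiwebview,
        "review_priority": priority,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_BLOB).items():
        print(f"{key}: {value}")
```

A hit only shows that the string is present in the binary; whether the app actually loads that URL, and into which view, still has to be confirmed by reviewing the code path or observing traffic from a test device.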