NNSquad - Network Neutrality Squad


[ NNSquad ] Personal banking apps leak info through phone

Personal banking apps leak info through phone

http://j.mp/1aoJnV2 (IOActive)

   "Many of the apps (90%) contained several non-SSL links throughout the
    application. This allows an attacker to intercept the traffic and
    inject arbitrary JavaScript/HTML code in an attempt to create a fake
    login prompt or similar scam.  Moreover, it was found that 50% of the
    apps are vulnerable to JavaScript injections via insecure UIWebView
    implementations. In some cases, the native iOS functionality was
    exposed, allowing actions such as sending SMS or emails from the
    victim's device."

 - - -

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
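
A defender's check for the "non-SSL links" finding quoted above, as an added example that is not part of the original post or of the quoted research: it audits HTML that an app would load into a web view and lists every URL that resolves to plain `http`, separating references that can run script or receive credentials from plain navigation. The host names, the sample markup and the active/passive split are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the client fetch from or submit to a URL.
# "active": the response can run script, restyle the page or receive form data.
# "passive": navigation or image load only. This split is an assumption.
URL_ATTRS = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("form", "action"): "active",
    ("link", "href"): "active",
    ("a", "href"): "passive",
    ("img", "src"): "passive",
}

class InsecureLinkAudit(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url   # URL the page itself was loaded from
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            risk = URL_ATTRS.get((tag, name))
            if risk is None or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page URL,
            # so a page loaded over http taints every relative reference too.
            absolute = urljoin(self.base_url, value.strip())
            if urlsplit(absolute).scheme.lower() == "http":
                line, _ = self.getpos()
                self.findings.append((risk, tag, name, absolute, line))

def audit(html, base_url):
    """Return sorted (risk, tag, attr, url, line) tuples for cleartext URLs."""
    parser = InsecureLinkAudit(base_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed sample page; bank.example hosts are placeholders.
SAMPLE = """<html><head>
<script src="http://static.bank.example/app.js"></script>
<link rel="stylesheet" href="/css/site.css">
</head><body>
<form action="http://login.bank.example/auth" method="post"></form>
<a href="http://www.bank.example/help">Help</a>
<a href="https://www.bank.example/rates">Rates</a>
<img src="//cdn.bank.example/logo.png">
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "https://m.bank.example/home"):
        print(*finding)
```
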