Security Dissection and Rants » trust http://www.iglobalonline.com Penetrating security, one app at a time Fri, 09 Apr 2010 18:08:39 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Mobile Developer Insecurity http://www.iglobalonline.com/2010/02/05/mobile-developer-insecurity/ http://www.iglobalonline.com/2010/02/05/mobile-developer-insecurity/#comments Fri, 05 Feb 2010 19:29:54 +0000 Michael http://www.iglobalonline.com/?p=8 Now a days, mobile phones are the gateway to banking, communication, and the internet. Some companies provide applications to control access to homes (like Schlage) while others provide an entrance into bank accounts (like Bank of America). With the sudden rise in developers and the ease of pushing apps into the public market place, users are getting comfortable installing and running pretty much just about any app, especially when its free.

As a security analyst, I decided to start examining how these apps work. What I found was astonishing! So far, almost all the apps I have dissected contain extreme high risk vulnerabilities when storing sensitive data. I decided to create this blog to post some of my findings to the world in hopes of providing a break down of just how serious this issue is.
Without giving away too much detail, a highly used app (on all major markets) that provides a visual to your voicemail, has a authentication bypass that allows an attacker to download voicemails in MP3 format from another users mailbox. I have properly notified the vendor on 02/04/2010 and have been providing them with my findings. I will be blogging about this vulnerability on 02/28/2010 or sooner assuming they issue a patch for it.

Stay tuned as I start publicly dissecting these apps. If anyone would like to work with me on projects, feel free to contact me.

All Tags: bank information, developer, insecurity, mobile security, personal information, sensitive data, Smartphone, trust
]]> http://www.iglobalonline.com/2010/02/05/mobile-developer-insecurity/feed/ 0