Tuesday, September 9, 2014

Android apps fail basic tests of security – Computerworld Portugal

not preserve the privacy of users according to a university study. The Instagram and Grindr, for example, store images on its servers, accessible without authentication

. <- .post-Summary ->

 android - Infoworld The app Instagram, the Grindr, OkCupid and many other Android applications, do not take basic precautions to protect the data of its users, putting their privacy at risk, according to a new study.

The work group is the research and training ciberforense the University of New Haven who earlier this year detected vulnerabilities in WhatsApp and Viber. This time, expanded their analysis to a wider range of Android applications, looking for weaknesses that could put data at risk of interception.

The group will release a video each day this week your YouTube channel , highlighting their results, which may affect more than one billion users, claims. “I think that application developers are pretty sloppy,” says Ibrahim Baggili, director of Journal of Digital Forensics, Security and Law of .

The researchers used traffic analysis tools such as Ethereal and NetworkMiner for monitoring data exchanged when certain actions were performed. This revealed how and where applications were storing and transmitting data.

The Instagram application on Facebook, for example, still had pictures unencrypted and accessible without authentication, on their servers. The group found the same problem in applications such as ooVoo, the MessageMe, the Tango, the Grindr, the HeyWire and TextPlus when the photos were sent from one user to another.

These services stored content with single bonds, “http”, which were then forwarded to the recipients. But the problem is that if “someone has access to this link, you can access the uploaded image. No authentication “, Baggili said.

LikeTweet

No comments:

Post a Comment