
Researchers Found Critical Vulnerabilities in Android Parking Apps

December 15th, 2015 | Uzair Amir | Android, Security

New research has found that numerous parking applications available in the smartphone market contain serious vulnerabilities that could allow hackers to attack the user and gain unauthorized access to the smartphone.

NCC Group, the renowned information assurance firm, tested six common Android parking applications with up to one million active users; the names of the apps were not disclosed.

The majority of the apps used Transport Layer Security (TLS) to secure and encrypt sensitive data sent to the server, but the certificates presented by the server were not verified, which makes man-in-the-middle (MITM) attacks quite easy to carry out with an intercepting proxy tool.

One of the application vendors decided to build and use their own encryption software but did not store the keys securely: they were kept in the code, making them easily retrievable by decompiling the APK file. Another case was confirmed where a username and password were hacked through email. However, NCC consultant Chris Spencer confirmed that MITM attacks can only be carried out if the hacker has some control over the network the smartphone user is on, such as an unsecured Wi-Fi connection.

Spencer also said, “Since most of the time parking applications will be used when connected to mobile data connections, the likelihood of these attacks may be reduced (although it is possible for an attacker to create a fake GSM base station).”

“There are circumstances where a user of the application may be connected to public Wi-Fi, however, such as when extending a parking stay from a restaurant or coffee shop. Be careful when using any type of mobile application that may expose sensitive data when connected to a potentially unsecured network.”

Most smartphones are vulnerable to hackers because of “Remember Me”, “Auto-Login”, “Auto-Fill Form” and other such options, which store important data like PINs and passwords.

“This feature isn’t generally a good idea, mainly as the password may not be stored securely,” wrote Spencer. “In fact, one of the applications stored the password for the system (unencrypted) in the application’s private data directory on the phone.”

The NCC testers accessed the private information database through file traversal vulnerabilities and successfully recovered the unencrypted passwords stored in it. The research raises some serious points for developers who have built or are building such applications. NCC recommended a number of steps for developers, including:

  • Use the latest Android API.
  • Use verified certificates to minimize MITM attacks.
  • Use properly configured TLS to encrypt and secure the data sent to the server.
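
As an added example (not code from NCC Group or from the original article), here is a small Python check a reviewer could run over decompiled Java sources to flag two of the weaknesses described above: server certificates that are never verified and encryption keys hardcoded in the app. The patterns, finding names and sample sources are assumptions constructed for illustration.

```python
import re

# Match string literals first so "https://..." is not mistaken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)

def strip_comments(src):
    """Blank out comments; keep string literals and line numbers intact."""
    def repl(m):
        text = m.group(0)
        return text if text.startswith('"') else "\n" * text.count("\n")
    return _TOKEN.sub(repl, src)

# Illustrative Java idioms for the weaknesses described (assumed, not NCC's).
CHECKS = [
    ("trust-all-certs",   # empty checkServerTrusted(): any certificate accepted
     re.compile(r"checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}")),
    ("any-hostname",      # hostname check disabled
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER|\bverify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}")),
    ("hardcoded-key",     # key material embedded as a string literal
     re.compile(r'new\s+SecretKeySpec\s*\(\s*"(?:\\.|[^"\\])*"\s*\.\s*getBytes')),
]

def audit(src):
    """Return sorted (line_number, finding_id) pairs for one Java source file."""
    clean = strip_comments(src)
    return sorted((clean.count("\n", 0, m.start()) + 1, fid)
                  for fid, pattern in CHECKS for m in pattern.finditer(clean))

# Constructed sample: certificate checks disabled and a key in the code.
SAMPLE_WEAK = '''\
class ApiClient {
    static final String BASE = "https://api.parking.example/v1"; // constructed host
    X509TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) {
            // accept everything
        }
    };
    SecretKeySpec key = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
}
'''

# Constructed sample: platform trust store and default hostname checks.
SAMPLE_OK = '''\
class ApiClient {
    // never override checkServerTrusted(X509Certificate[] c, String a) {}
    SSLContext ctx() throws Exception { return SSLContext.getDefault(); }
}
'''

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK), audit(SAMPLE_OK))
```

A clean result only means these particular idioms are absent; it does not show that the app verifies certificates correctly.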