Reading: Popular Android Apps Vulnerable To HTTPS Bug, More Education on Technology...

Bitcoin

Popular Android Apps Vulnerable To HTTPS Bug, More Education on Technology Needed?

Jp Buntinx · @http://twitter.com/jdebunt | Jun 20, 2015 | 13:55

Bitcoin

Popular Android Apps Vulnerable To HTTPS Bug, More Education on Technology Needed?

Jp Buntinx · @http://twitter.com/jdebunt | Jun 20, 2015 | 13:55


One aspect that is slowing down mass Bitcoin adoption is the rather steep learning curve when it comes to understanding the underlying technology. But that same could be said for the technology we already use today, such as encrypted connections over the HTTP protocol (HTTPS). And while that protocol has been around for quite some time, a lot of app developers are struggling to implement it properly.

Major Android Apps VulnerableBitcoinist_Password_Interception

Dozens of major Android applications are exposing user passwords because of an improper implementation of HTTPS encryption during the login process. As soon as a user authenticates his/her login credentials with these affected applications, their details can be intercepted by a third party, as long as they are connected to the same wireless network.

It goes without saying this could turn into a major catastrophe for people authenticating details through any of these applications when using a public Wi-Fi network. And if there is one thing most people using mobile devices are not too worried about, it is protecting their personal and financial data.

The list of affected applications is quite large, and contains major names such as NBA Game Time, Match.com, Safeway and PizzaHut. Luckily for all Android users, developer AppBugs stumbled across these vulnerabilities thanks to their free application which spots potential app threats and security vulnerabilities.

AppBugs CEO Rui Wang stated the following:

“When the victim user logs into his League Pass account in the app, a third-party machine will be able to grab the password and username. The attacker could be some stranger who monitors the traffic of a public Wi-Fi or a compromised router on the Internet which logs the traffic quietly.”

AppBugs has reached out to every developer of these affected Android applications, yet most of them have not replied nor fixed the issue to this date. That fact is especially worrying, especially when you consider that this bug has been reported back in February of this year. So far, 100 applications have been identified to be “carrying” this bug, and only 28 of those have been fixed.

Understanding The Technology We UseBitcoinist_technology_education

We are so spoiled with the sheer amount of technology we have at our disposal, yet we understand so little of it. And due to that lack of knowledge, mistakes occur which will affect a lot of people around the world. Bitcoin is often criticized for its scams and exchanges going bankrupt. But those occurrences only stem forth from the same lack of knowledge.

Regardless of how you look at it, but the current and new technologies need to focus more efforts on educating the masses. Even if people do not fully understand the cause of the problems we are trying to solve, they need to at least be aware these problems exist.

What are your thoughts on this Android bug, and do you use any of the aforementioned applications? Let us know in the comments below!

Source: Ars Technica

Images courtesy of Ars Technica and Shutterstock


Show comments