CNN iPhone app exposing login info of its iReporters unencrypted, according to security researchers

Update: Apple tells us CNN submitted fixes for both their iPhone and iPad apps that are now live on the App Store.

Security researchers at Zscaler claim to have found a security flaw in CNN’s iPhone app that exposes the personal logins and passwords of its users. The CNN app for iPhone, which includes an iReport feature that allows users to sign up and submit news stories, is reportedly not using SSL encryption for registration/login or SSL certificate pinning like its Android app counterpart, and is sending personal user info to and from the app unencrypted. The report notes that CNN’s iPad app is not subject to the same vulnerability, as it currently doesn’t have the iReport feature:

The current CNN for iPhone App (verified on Version 2.30 (Build 4948)) has a key weakness whereby passwords for iReport accounts are sent in clear text (unencrypted). While this is always a problem, it’s especially concerning that this relates to functionality which permits people to anonymously submit news stories to CNN. This occurs both when a user first creates their iReport account and during any subsequent logins.

As can be seen, both transmissions are sent in clear text (HTTP) and the password (p@ssword) is sent unencrypted, along with all other registration/login information. The concern here is that anyone on the same network as the user could easily sniff the victim’s password and access their account. Once obtained, the attacker could access the iReport account of the user and compromise their anonymity. The same credentials could be used to access the user’s web based iReport account where any past submissions are also accessible.

Zscaler said it notified CNN of the security flaw on July 15th and that the company confirmed it’s investigating. The CNN app for iPhone received an update today with “bug fixes” listed in the release notes, but the company has yet to confirm whether the update addresses the security flaw detailed by Zscaler.

Snapchat debuts new ‘Our Story’ function for communal snap stories at events

https://www.youtube.com/watch?v=pZeDPfHiBC8

Social network app Snapchat is today rolling out a new feature called Our Story. It’s just like the My Story feature, where you can put a bunch of photos into a single album-like story, but multiple people can contribute to it. The feature works based on events and on your location. As Snapchat explains on its blog:



NYT ‘Elections 2012’ iPhone app: Get live news, opinion, polls and election results on tonight’s Iowa caucuses

It’s Caucus Day in Iowa, and most Americans will be tuned into their favorite news channel to see who the winner will be. This year, though, the elections entered the twenty-first century due to The New York Times’ “Election 2012” free iPhone application available through the App Store.

According to the NYT, the app gives iPhone users “news, opinion, polls and live election night results,” from its own publication and other top sources, while providing “the best campaign coverage anywhere.”

