CNN news app and the massive security problem

CNN's iOS application has a major vulnerability that threatens to leak user information.

According to a report by information security company Zscaler, the app is the second most popular news app and is ranked number 165 among all free applications.

However, its iReport function, which allows users to upload photos, videos and other content to CNN news reports, has a major security flaw. Passwords for iReport accounts are sent unencrypted in clear text, making them extremely vulnerable to interception.

"Transmissions are sent in clear text (HTTP) and the password is sent unencrypted, along with all other registration/login information," the Zscaler report said.

"The concern here is that anyone on the same network as the user could easily sniff the victim's password and access their account. Once obtained, the attacker could access the iReport account of the user and compromise their anonymity."

The report added that this was of particular concern as it relates to functionality which permits people to anonymously submit news stories to CNN. The flaw occurs both when a user first creates their iReport account and during any subsequent logins.

"End-users must rely on both the app developers and app store gatekeepers to prevent such flaws from being exposed in the first place," the report added.

"This vulnerability could easily have been caught by Apple during the vetting process that they subject new applications to before including them in the app store, but our research has shown us that Apple and Google simply aren't looking for these basic security vulnerabilities."

Fortunately, the security lapse is only present in the iPhone version of the app, with the iPad and Android editions not suffering from the same fault.

CNN has been alerted of the vulnerability and has indicated that it is currently investigating the matter.


BlackBerry is Not Giving Up, Yet Another Secure Android Phone

The company has invested effort into making Android secure for everyone.

3 Essential Apps For Mobile Security

We all pretty much know how to basically secure our computers, but what about our phones?

How Social Media Broke the Chains of a Lonely Elephant in Pakistan

The power of social media? The ‘Free Kaavan’ campaign caused ripples worldwide and was backed by singer Cher.