CNN news app and the massive security problem



CNN's iOS application has a major vulnerability that threatens to leak user information.

According to a report by information security company Zscaler, the app is the second most popular news app and is ranked number 165 among all free applications.

However, its iReport function, which allows users to upload photos, videos and other content to CNN news reports, has a major security flaw. Passwords for iReport accounts are sent unencrypted in clear text, making them extremely vulnerable to interception.

Related: The Undead PC: The Most Impressive Thing Apple Launched Was A PC

"Transmissions are sent in clear text (HTTP) and the password is sent unencrypted, along with all other registration/login information," the Zscaler report said.

"The concern here is that anyone on the same network as the user could easily sniff the victim's password and access their account. Once obtained, the attacker could access the iReport account of the user and compromise their anonymity."

The report added that this was of particular concern as it relates to functionality which permits people to anonymously submit news stories to CNN. The flaw occurs both when a user first creates their iReport account and during any subsequent logins.

"End-users must rely on both the app developers and app store gatekeepers to prevent such flaws from being exposed in the first place," the report added.

Related: Stripped down version of MS Word is top iOS free app

"This vulnerability could easily have been caught by Apple during the vetting process that they subject new applications to before including them in the app store, but our research has shown us that Apple and Google simply aren't looking for these basic security vulnerabilities."

Fortunately, the security lapse is only present in the iPhone version of the app, with the iPad and Android editions not suffering from the same fault.

CNN has been alerted of the vulnerability and has indicated that it is currently investigating the matter.




More

Rumor Has it New Star Wars Trailer May Play Before The Hobbit This December

The latest Star Wars chapter to debut December 18, 2015

The Next James Bond to Be Shot on Film

007 returns to the big screen November 6, 2015

Keeping Star Wars Under Wraps

It’s currently a little over a year before we have the new Star Wars movie in theaters, and as we’ve reported many times before, keeping anything a secret on it has to be nearly impossible in this day and age, although knowing JJ Abrams, he’ll certainly do his best. According to the Hollywood Reporter, Disney tried to get a drone shield, made visitors put tape over their cell phones, and there were even people in trees trying to get any scrap of information. The Reporter wrote that a pilot took a picture of the Millennium Falcon, not realizing what it was from the air until he looked at the...