CNN news app and the massive security problem



CNN's iOS application has a major vulnerability that threatens to leak user information.

According to a report by information security company Zscaler, the app is the second most popular news app and is ranked number 165 among all free applications.

However, its iReport function, which allows users to upload photos, videos and other content to CNN news reports, has a major security flaw. Passwords for iReport accounts are sent unencrypted in clear text, making them extremely vulnerable to interception.

"Transmissions are sent in clear text (HTTP) and the password is sent unencrypted, along with all other registration/login information," the Zscaler report said.

"The concern here is that anyone on the same network as the user could easily sniff the victim's password and access their account. Once obtained, the attacker could access the iReport account of the user and compromise their anonymity."

The report added that this was of particular concern as it relates to functionality which permits people to anonymously submit news stories to CNN. The flaw occurs both when a user first creates their iReport account and during any subsequent logins.

"End-users must rely on both the app developers and app store gatekeepers to prevent such flaws from being exposed in the first place," the report added.

"This vulnerability could easily have been caught by Apple during the vetting process that they subject new applications to before including them in the app store, but our research has shown us that Apple and Google simply aren't looking for these basic security vulnerabilities."

Fortunately, the security lapse is only present in the iPhone version of the app, with the iPad and Android editions not suffering from the same fault.

CNN has been alerted of the vulnerability and has indicated that it is currently investigating the matter.




More

The Birth Of Gigabit LTE: Your Next Phone Could Be Supercharged!

This week Qualcomm announced their X16 Modem which is intended to provide Gigabit wireless speeds likely making us wish we all had unlimited data plans again. This layers on top of their Mu-MIMO effort which is already showing up in some phones providing near Gigabit speeds over Wi-Fi. To give you a sense of the speed boost this is 10x the speed of the first LTE (4G) devices and 500x the speed of the first 3G devices and about 2x the speed of the fastest modems in market today. But what does this mean in terms of what you can do? Now be aware that this generally won’t show up in phones until...

Cognizant computing smartphones  

Smarter, fast communications, and high-resolution—can it get any better?

How To Market Yourself Online

Up to 93% of hiring managers review a candidate’s social profile before making a decision on whether to offer a role, and this number is only likely to increase.