iOS Outlook App Breaks Security

iOS Outlook App Breaks Security

Rene Winkelwyer, software developer at Midpoints GmbH has identified stupid security practices that jeopardises corporate security. He says, the iOS outlook app stores the user email login credentials in the cloud without user's knowledge and consent.

He identified a Amazon Web Service IP scanning his personal mail account and then realized that the microsoft stored his email credentials somewhere in the cloud.

According to Winkelwyer the stupidest security practice in outlook is, it assigns a single identity number for all internet of things attached to that account, means content can be shared beyond business boundaries.

Email credentials stored in Microsoft's cloud won't be deleted when the users opted to uninstall the app and delete remote data, Winkelwyer says.

Winkelwyer recommends to block the app from accessing companies mail servers and inform the users that they shouldn't use the app.

No comments

Powered by Blogger.