Security Flaw In Android Instapaper App Allows Password Theft

Security Flaw In Android Instapaper App Allows Password Theft

Researchers at Bitdefender have discovered a security flaw in Android Instapaper app that allows an attacker to steal users' login credentials.
"The vulnerability may have serious consequences, especially if users have the same password for more than one account, leaving them potentially vulnerable to intrusions," the researchers says.

The vulnerability lies in the way the application implements certificate validation. Although the entire communication is handled via HTTPS, the app performs no certificate validation. If someone were to perform a man-in-the-middle attack, he could use a self-signed certificate and start collecting authentication credentials.

"While the attacker might seem to only gain access to your Instapaper account, most people use the same password for multiple accounts. A cyber criminal could try and use your Instapaper password to access your social media or email accounts," warns Catalin Cosoi, Chief Security Strategist at Bitdefender.

You might also like: dSploit - Android App For Hackers

No comments

Powered by Blogger.