The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Researchers find security flaw in Target mobile app

2015-12-17 03:07 by
Tags: ,

 

Customers who have used Target's wish-list making mobile app may be exposed to hacker attacks. Security company Avast has recently announced that a vulnerability in the app allows unauthorized access to customers' addresses, phone numbers and other personal information from wish lists.

"To our surprise, we discovered that the Target's app's Application Program Interface (API) is easily accessible over the Internet," Filip Chytry wrote on the Avast blog. "The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated," Chytry said. "Once you have that figured out, all the data is served to you on a silver platter in a JSON file."

The good news in this case is that credit card numbers don't appear to be stored with the wish lists, so financial information isn't vulnerable.

Soon after Avast notified Target of the mishap, the retailer said it suspended certain elements of the app while developers investigate the issue and come up with a fix.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About