Comments

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Consider other possibilities... (139 comments)

One other idea to consider is that I presented the very worst possibility. At the very least, one could begin to build a profile of someone to steal their identity. And if that is too outlandish to consider, then perhaps the idea of being able to see when they would be gone (because you can see upcoming trips), and then just rob them. Either way, it's negligence on their part, plain and simple.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:I blame Denver Internation Airport ... (139 comments)

Yes, it is true. I demonstrated it to a local news anchor that had an account with Southwest. We sat at Starbucks, me on the other side of the room, and he randomly logged in and I grabbed his password and then presented him with a list of information that I was able to collect, including past and upcoming trips.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Only idiot Terrorists get caught (139 comments)

Fake boarding passes wouldn't particularly be all that hard to create either with all of the "print-at-home" tickets. Someone with decent Photoshop skills should be able to replicate one. Obviously it wouldn't get you on the plane, but it would get you past TSA and into the terminal.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Only idiot Terrorists get caught (139 comments)

Not at least at DIA or COS that I've been involved in although I have heard that at some airports the TSA does random gate/ID checks.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Pandora (139 comments)

Until these merchants or companies get burned, they continue with the same practices because they figure it's not worth the time to do it right or they can "get away with it." For whatever reason (time, money, lack of knowledge), for most companies, security is not considered a benefit until it fails or they are discovered. Perhaps it's time for more strict consequences for instances of negligence such as this.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Pandora (139 comments)

Yeah it is interesting that they don't. It would certainly be in their best interest to do something like that. What I found, particularly with this story, is that many media outlets didn't consider this "news" because no one has had the exploit performed against them. They have to see someone go down before they consider it an issue. Until then, it's just a "threat", not an attack.

more than 2 years ago

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Always Wondered About App Encryption Levels (139 comments)

Southwest wasn't the only app I found that had username and password issues. There is a list below. Note that typically users have a really high rate of password reuse, so if we are able to compromise one account, the chances are likely to be able to compromise others.

Cloudette: Username in plaintext and password, hashed with MD5
Gas Buddy: Username and password, hashed with MD5

These two apps (Cloudette and Gas Buddy) are mentioned because you could replay these credentials to log in to that account.

Southwest Airlines: Username and password in plaintext
Minus: Username and password in plaintext
Wordpress: Username and password in plaintext
Foodspotting: Username and password
ustream: Username and password
Labelbox: Username and password

Of the 253 applications surveyed, 91.7% had no risk found, 3.1% had a low risk, 2.3% had a medium risk and 2.3% had a high risk. While it would be desirable to have no applications in the “Medium” or “High” category, the number of applications the authors found presented a security risk was both surprising and far too numerous. There are over 500,000 applications on the iOS App Store, so extrapolating the results, there could be at least 15,500 applications in the “Low” risk category and 11,500 applications in the “Medium” and “High” risk category.

You can find the full details here: http://blog.afewguyscoding.com/2012/01/affected-applications-a-survey-mobile-device-security-threats-vulnerabilities-defenses/

more than 2 years ago
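
An added example, not part of the original comment or the survey's own tooling: an audit check that sorts login requests into the categories the list above uses (plaintext password, MD5 hash that is still replayable, or protected in transit). The field names, hosts and sample traffic are assumptions constructed for illustration.

```python
import hashlib
import re
from urllib.parse import parse_qsl, urlsplit

# Form field names treated as the password (assumption; real apps vary).
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def classify_login(url, body):
    """Classify how a form-encoded request exposes its password field."""
    if urlsplit(url).scheme.lower() == "https":
        return "tls"  # body is not readable by a passive listener
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name.lower() in SECRET_FIELDS:
            if MD5_HEX.fullmatch(value):
                # A bare hash sent in the clear is itself the credential:
                # the server accepts the same bytes from anyone who resends them.
                return "cleartext-md5-replayable"
            return "cleartext-password"
    return "no-credential-field"


# Constructed sample traffic; hosts and values are made up.
SAMPLES = [
    ("http://app-a.example/login", "username=alice&password=hunter2"),
    ("http://app-b.example/login",
     "username=bob&password=" + hashlib.md5(b"hunter2").hexdigest()),
    ("https://app-c.example/login", "username=carol&password=hunter2"),
    ("http://app-d.example/feed", "page=2"),
]


def audit(samples=SAMPLES):
    """Return {url: finding} for every captured request."""
    return {url: classify_login(url, body) for url, body in samples}


if __name__ == "__main__":
    for url, finding in audit().items():
        print(f"{finding:26} {url}")
```

Both cleartext findings call for the same fix: send the login over TLS, since hashing the password on the client only changes which string is replayed.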

Southwest Airlines iPhone App Unencrypted, Vulnerable To Eavesdroppers

davidstites Re:Wonder how the other tools are... (139 comments)

Using ROT-13 would essentially be as good as no "encryption" at all. Algorithms such as this one, commonly called a Caesar cipher, do not hide language characteristics, such as letter frequency, etc. so it would be rather trivial to derive the actual plaintext. There is a reason these are classical algorithms and we've moved to AES and RSA.

more than 2 years ago

Submissions


Southwest Airlines iPhone app vulnerable to hackers

davidstites writes | more than 2 years ago

davidstites writes "I am a master's computer science student at University of Colorado at Colorado Springs and in November I performed a security audit of 230+ popular iOS applications because I wanted to know how secure apps on smartphones and tablets really are.

I made a shocking discovery. The largest single potential security breach was with the Southwest Airlines application. Southwest Airlines’ iPhone app leaves a user’s information vulnerable to hackers. When you log in to the application on your phone using your Rapid Rewards account, the app submits your username and password information as plain-text (unencrypted) to a Southwest remote server (mobile.southwest.com). A potential attacker can simply sniff for the data on the network and steal it. This situation is a hacker's dream!

If a victim's credentials were captured, a hacker could use those credentials to log in to that particular account and they would have access to anything the victim would have access to, such as addresses, birthdays, e-mail, phone and credit cards. They could even book a flight in the victim's name. This is not only obviously worrisome from the standpoint of a potential attacker fraudulently using a victim's account and credit card information, but also due to the possibility of terrorist threats in air travel. At the very least, this discovery uncovers the potential for identity theft and at the very worst, it is a complete breakdown in national air travel security.

The possibility of being able to capture this data is especially probable since Denver International offers free WiFi and it is an unencrypted network. The probability that a Southwest passenger would login to their account is also quite high since they have an entire terminal to themselves (C concourse). However, this could occur on any unencrypted or encrypted network.

Consider the possibility of a person who is currently (and rightfully) on the Department of Homeland Security’s “No-Fly” list. If this person were able to capture a victim’s credentials and create a fake ID, he could pass through TSA security without being stopped.

I don't know how Southwest Airlines let this happen, but sometimes companies have to decide between security and the bottom line. Companies rush to get products out, the engineering dollars are not there to complete the project, so security falls to the back. Usually, security is not thought of as a benefit, until it fails.

I contacted Southwest when the vulnerability was found in early December and they still have not released a patch as of today and they have never contacted me back about the vulnerability. Until the security flaw is fixed, the best solution is to not use the application.

A full list of applications with vulnerabilities can be found at http://blog.afewguyscoding.com/2011/12/survey-mobile-device-security-threats-vulnerabilities-defenses/.

Additionally, some local NBC (http://www.koaa.com/news/uccs-student-points-out-phone-security-concerns/) and ABC (http://www.krdo.com/news/30422585/detail.html) news stations and the Denver Post covered this story (http://blogs.denverpost.com/techknowbytes/2012/02/09/southwest-airlines-iphone-app-vulnerable-to-hackers-study-says/3264/)."

Journals

davidstites has no journal entries.
