Offside! Lack of encryption bares usernames, passwords and more
The official UEFA Euro 2016 app is leaking football fans’ personal data, security researchers warn.
The app is transmitting user credentials – including usernames, passwords, addresses and phone numbers – over an insecure internet connection, mobile security outfit Wandera discovered.
The lack of encryption in the app, which has clocked up more than 100,000 downloads, offers a possible conduit for data leaks. Wandera warns that both the iOS and Android versions of the app are vulnerable.
El Reg relayed the warning to UEFA’s press team with a request for comment. No word as yet but we’ll update this story as and when we hear more.
Wandera’s SmartWire Labs said it has witnessed and upsurge in enterprise smartphones accessing malicious websites – most likely linked to an increasing number of mobile ads – since the tournament started.
“Increased data usage during the beginning of Euro 2016 will come as no surprise to anyone,” said Eldar Tuvey, chief exec of Wandera. “What is clear however, is that football fans are travelling across Europe [and] accessing apps and websites that are unfamiliar to them [on order] to access the up-to-date information they crave. Our analysis proves that even so-called ‘trusted sources’ carry risk and vulnerability – something that enterprises must be equipped to deal with.”
More analysis of Euro 2016’s impact on mobile security and usage can be found here (pdf). ®