ABOUT US | SERVICES | SUBSCRIPTIONS | LOGIN | SIGNUP
SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community
MARKETS » MOBILE Commerce HTML5 WebRTC
HOT TOPICS » VIDEO MANAGED SERVICES WEARABLE TECH WORLD NETWORK MANAGEMENT

TMCNet: Zscaler Finds Security Vulnerabilities in ESPN ScoreCenter Mobile App [Professional Services Close - Up]

[January 23, 2013]

Zscaler Finds Security Vulnerabilities in ESPN ScoreCenter Mobile App [Professional Services Close - Up]

(Professional Services Close - Up Via Acquire Media NewsEdge) Zscaler, a provider of Security Cloud services for the mobile, social, everywhere enterprise, revealed that ESPN ScoreCenter, a mobile sports app, has significant security vulnerabilities that could compromise users' mobile devices, including the threat of data theft.


According to a release, the flaws were unearthed using Zscaler Application Profiler (ZAP), a free online tool that helps assess mobile apps for security risks. ESPN said it is looking into the vulnerabilities in the ScoreCenter app.

The security vulnerabilities with the ESPN ScoreCenter app highlight a growing security problem as mobile apps proliferate and basic security measures are overlooked in the development process.

"It's important to remember that many mobile apps are not native applications-they're essentially web pages displayed in a WebView control, or even just web content mixed in with native controls," said Michael Sutton, VP, Security Research, Zscaler ThreatLabZ. "As such, vulnerabilities common to web applications can also occur in mobile apps. Users should be aware that such vulnerabilities in mobile apps often remain hidden, as apps don't have the same visual indicators to show that data is being sent insecurely." First, by displaying basic web content without properly sanitizing user-supplied input, ESPN SportsCenter exposes a cross- site scripting (XSS) flaw. Therefore, active content such as JavaScript can be injected into the app. Second, ESPN SportsCenter passes authentication credentials in clear text when an account is first created. By sending the password in clear text, ESPN ScoreCenter enables anyone sniffing traffic on the network to easily steal that key piece of information.

The flaws were discovered using ZAP, Zscaler's Application Profiler. ZAP is an easy to use, free online tool where users can search the name of any iOS or Android app, and receive an instant assessment of its security and privacy risks, along with an overall risk score. Users can also use ZAP to scan traffic from an app installed on their device to see whether their own data is being exposed. No security expertise is needed to use ZAP. As more users submit mobile apps for analysis, Zscaler's ThreatLabZ team adds the results to the ZAP database, in effect crowdsourcing the security profiles of thousands of mobile apps.

More information: www.zscaler.com ((Comments on this story may be sent to newsdesk@closeupmedia.com)) (c) 2013 ProQuest Information and Learning Company; All Rights Reserved.

[ Back To Technology News's Homepage ]

OTHER NEWS PROVIDERS

BACK TO TECHNOLOGY NEWS HOME






Technology Marketing Corporation

800 Connecticut Ave, 1st Floor East, Norwalk, CT 06854 USA
Ph: 800-243-6002, 203-852-6800
Fx: 203-866-3326

General comments: tmc@tmcnet.com.
Comments about this site: webmaster@tmcnet.com.

IMPORTANT

SUBSCRIPTIONS


Subscribe to our FREE eNewsletters
SUBMIT

STAY CURRENT YOUR WAY

© 2013 Technology Marketing Corporation. All rights reserved.