Data breaches happen every year, and there have been especially many in the last two years. First, a large amount of 12306 user data was leaked as a "gift" last Christmas; then 3 million passwords were leaked from the ticket-grabbing software "train ticket talent". Recently, McAfee Labs posted on its official blog that researchers have found that many applications track the behavior of mobile devices and transmit the collected data over plaintext HTTP to the application developer's server. This makes it very easy for hackers to intercept personal information and corporate data, resulting in data breaches.
Costco application: Credentials in the clear
The vulnerability exists in the application of Costco, the second largest retailer in the United States: in testing, security researchers found that its logon requests are sent as plaintext HTTP requests. What does that mean? When you use your phone on a risky public wireless network to shop online, hackers can intercept this information.
Weibo: Chats are easy to spy on or spoof
Suppose you leave a message on Weibo as follows:
The data sent back to Weibo, as captured with Wireshark, is as follows:
Attackers can capture your cookie and even change your job information through a man-in-the-middle attack.
You might ask: who cares? Job information is everywhere on social media. But what if you are talking to your friends privately? We post a message through the chat window:
Wireshark again captures the exact text, unencrypted. There is no privacy here!
As the cases above show, plaintext transmission leaks a great deal of private information. As an application developer, you should try to reduce your application's vulnerabilities and improve its security as much as possible while writing it. The good news is that the Love Encryption (www.ijiami.cn) vulnerability analysis platform offers one-click app vulnerability analysis, detecting app vulnerabilities promptly so they can be remediated quickly, saving time and effort. Love Encryption also provides an efficient and fast app encryption service for Android and iOS, an essential tool for developers!
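A developer can check their own app's test traffic for the pattern described in the Costco and Weibo cases. The following is an added example, not code from the original article or from McAfee: it parses captured requests and reports which credential-like headers and form fields went out over plaintext HTTP. The host names, sample requests and the list of sensitive names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Names treated as sensitive: an assumption for this example, extend per app.
SENSITIVE_HEADERS = {"cookie", "authorization"}
SENSITIVE_FIELDS = re.compile(r"pass|pwd|token|session|email|user", re.I)
FORM = "application/x-www-form-urlencoded"

def audit_request(raw: bytes, scheme: str) -> list[str]:
    """Return names (never values) of sensitive items sent in the clear."""
    if scheme.lower() != "http":          # HTTPS traffic is out of scope here
        return []
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = [f"header:{h}" for h in sorted(SENSITIVE_HEADERS.intersection(headers))]
    # Query-string and urlencoded body parameters are both readable on the wire.
    params = parse_qsl(target.partition("?")[2], keep_blank_values=True)
    if headers.get("content-type", "").startswith(FORM):
        params += parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)
    findings += [f"field:{k}" for k, _ in params if SENSITIVE_FIELDS.search(k)]
    return findings

def audit_capture(records):
    """Map 'index scheme' -> findings for every record that leaks something."""
    report = {}
    for i, (scheme, raw) in enumerate(records):
        found = audit_request(raw, scheme)
        if found:
            report[f"{i} {scheme}"] = found
    return report

# Constructed sample capture: (scheme, raw request bytes).
SAMPLES = [
    ("http", b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             b"email=a%40example.com&password=hunter2&remember=1"),
    ("http", b"GET /status?msg=hello HTTP/1.1\r\nHost: social.example\r\n"
             b"Cookie: sid=abc123\r\n\r\n"),
    ("https", b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
              b"email=a%40example.com&password=hunter2"),
]

if __name__ == "__main__":
    for key, found in audit_capture(SAMPLES).items():
        print(key, found)
```

Any finding means the request has to move to HTTPS; the report lists field names only so that the audit output does not itself become a copy of the credentials.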
Reposted from: "Beware of app plaintext HTTP transmission data disclosure privacy"