Researchers Find Major Security Flaws in Parking Apps

Several smartphone parking applications contain serious vulnerabilities which could allow a hacker to launch a Man in the Middle attack against their users and ultimately gain unauthorized access to the device, new research has found. Information assurance firm NCC Group tested six popular but unnamed Android apps, some with an installed base of 5-10,000 users and others with registered users of up to one million. Although the majority of the apps used TLS to encrypt sensitive data sent back to the server, none verified the certificate used by that server—exposing them to MITM attacks enabled by an "intercepting proxy tool." One vendor had even chosen to build their own encryption system, but failed by storing the keys in the application code, so they were easily retrieved by decompiling the app.