New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

EU Exit: ID Document Check app lacks basic security

Security company Promon released a statement yesterday warning about the use of the Home Office’s “Brexit” app for mobile devices. While the company did not clarify how the application is vulnerable, Promon stated that the app was tested against “basic and commonly used attack methods and tools, which often require very limited technical skills to use.” Promon is warning that it is currently possible to steal sensitive information provided by users of the application like passport details, photo IDs. Because the app is responsible for handling this type of information, Promon is also warning of the following scenarios:

  • Attackers could easily modify and repackage the app to target users
  • The app does not defend against code injection
  • The app will run regardless of phones being rooted or jailbroken
  • It is possible to debug the app
  • Spyware can easily log anything being typed into the app’s text fields
  • The app was released without obfuscation, making it easy for an attacker to gain an understanding of the code
  • Several of the attacks are possible regardless of whether or not the user has a rooted or jailbroken device

Analyst Notes

When it comes to mobile applications, always stick to the Google Play Store for Android devices or the App Store for iOS devices. Apps must pass the respective vendor’s security checks before being listed in the store. When installing apps, always check that the name and publisher are correct. This application’s name is “EU Exit: ID Document Check” for both platforms. Unfortunately, the publisher’s name is different. Look for “UK Visas and Immigration” on the Play Store or “Home Office” on the App Store. If it is possible to verify identity without using the app, considering using an alternative means to do so.

Source: https://promon.co/security-news/the-home-offices-brexit-app-lacks-basic-security-allowing-hackers-to-steal-passport-information-and-facial-ids/