PMF Bancorp - Credit Report iOS App Transmits Passwords Insecurely
Background
The PMF Bancorp - Credit Report iOS app has a critical security problem--it transmits passwords without encryption over the Internet.
I tested this app:
Insecure Transmissions
Apple says that apps must use TLS encryption for iOS 9.0 and later, so I don't know how this app is even usable anymore.
Testing Method for Network Transmission
I have Burp set up as a proxy for my iPhone.
A login message is shown below, with the password exposed.
I used a jailbroken iPhone running iOS 12.4.4 with no passcode.
Notification
I sent this message on 1-12-2020:
Posted 1-12-2020 by Sam Bowne