ESPN’s (News - Alert) ScoreCenter mobile app was flagged on Friday for reportedly significant security vulnerabilities discovered by security cloud company Zscaler.
As one of the most popular sports apps on the market today, any security risks pertaining to ESPN ScoreCenter could affect thousands of users across the country.
Despite originally declining to comment, ESPN moved quickly to address the issues, and as of 4:19 pm EST Friday, the company contacted Zscaler to affirm that the company successfully eradicated its servers of vulnerabilities in question.
In its initial announcement, Zscaler warned users of data theft, in addition to other vulnerabilities which could compromise users’ mobile devices and personal information.
In a blog post by Zscaler discussing the issue, the company stated that the vulnerabilities were easy to find using Zscaler’s solution.
Additionally, the company wrote, “It is disappointing to see that the testing performed on apps before they are admitted by Apple (News - Alert) to the iTunes store does not even include such basic security tests such as looking for XSS vulns. and sending passwords in clear text.”
Image via itunes.apple.com
These two vulnerabilities were highlighted by Zscaler--cross-site scripting (XSS) and clear text authentication credentials.
In terms of password safety, the ESPN ScoreCenter app’s flaw is described in the post as “sending your password in clear text. Therefore, anyone sniffing traffic on the network would be able to easily steal your username/password.”
Zscaler used its Application Profiler (ZAP (News - Alert)) to reveal the flaws, proving the free online security-checking tool for apps is a good solution for companies and users worried about the safety of their information.
Luckily, ZAP is easy to use; the name of any iOS or Android (News - Alert) app can be searched, and then instantly assessed for security and privacy risks, which gets translated into an overall risk score.
Zscaler added, “We want to thank ESPN for working quickly to protect their users.”
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Brooke Neuman