TMCnet Feature
January 21, 2013

ESPN Quick to Respond to Mobile App Security Risks Discovered by Zscaler

By Colleen Lynch, TMCnet Contributor

ESPN’s ScoreCenter mobile app was flagged on Friday for reportedly significant security vulnerabilities discovered by security cloud company Zscaler.



Because ESPN ScoreCenter is one of the most popular sports apps on the market today, any security risks pertaining to it could affect thousands of users across the country.

Despite originally declining to comment, ESPN moved quickly to address the issues, and as of 4:19 pm EST Friday, the company had contacted Zscaler to affirm that it had successfully removed the vulnerabilities in question from its servers.

In its initial announcement, Zscaler warned users of data theft, in addition to other vulnerabilities which could compromise users’ mobile devices and personal information.

In a blog post by Zscaler discussing the issue, the company stated that the vulnerabilities were easy to find using Zscaler’s solution.

Additionally, the company wrote, “It is disappointing to see that the testing performed on apps before they are admitted by Apple to the iTunes store does not even include such basic security tests such as looking for XSS vulns. and sending passwords in clear text.”



Zscaler highlighted two vulnerabilities: cross-site scripting (XSS) and clear text authentication credentials.

Essentially, the ESPN ScoreCenter app renders its content in a WebView control, which makes it easier for information entered by the user to be compromised. Because many apps are not native, their format allows active content such as JavaScript to be injected, raising the risk substantially.

In terms of password safety, the ESPN ScoreCenter app’s flaw is described in the post as “sending your password in clear text. Therefore, anyone sniffing traffic on the network would be able to easily steal your username/password.”

Zscaler used its Application Profiler (ZAP) to reveal the flaws, proving the free online security-checking tool for apps is a good solution for companies and users worried about the safety of their information.

Luckily, ZAP is easy to use; the name of any iOS or Android app can be searched, and then instantly assessed for security and privacy risks, which gets translated into an overall risk score.

Zscaler added, “We want to thank ESPN for working quickly to protect their users.”







Edited by Brooke Neuman