Euro 2016 Official App Exposes Users Sensitive Information
Euro 2016 Championship has not only attracted attention to football fans but also to information security professionals. According to report published by Wandera “Analysis of Euro 2016 Impact on Mobile Security and Usage”, the official application for UEFA Euro 2016 Euro 2016 Official App Fan Guide are transmitting personal user data (including names, passwords, addresses and phone numbers) over an insecure Internet connection.
Up to the report publication the app was downloaded for more than 100 thousands time providing attackers access to sensitive information. This brings some security risk over using shared devices and non-secure wireless network to transmit the information over the public internet in clear text.
“Worryingly, it seems that the host country has been actively targeted by hackers with 72% of malicious websites and 41% of exposed passwords being detected on smartphones in France. During our research period, the number of data leaks observed by our research team increased. We predict this number will continue to rise as the tournament goes on as a result of more people traveling across Europe and using unfamiliar apps and websites to access match information. Our research suggests that data leaks will peak in late June towards the end of Euro 2016 before going back to normal levels in late July.” This is according to Wandera.
Also the statistics is showing that traffic related to online advertising is doubled mostly in Portugal, Ireland, Turkey and Spain. It is important to note that the company have spotted several fake UEFA applications but even the official UEFA EURO 2016 Fan Guide App is not secure.
Travelers across Europe were opening Euro 2016 Official App without the knowledge that the application is vulnerable to attack and allow hackers to have victim sensitive information in clear.
You can find the full report over this link http://wandera.com/downloads/Euro_Paper.pdf