Researcher: police 'buzz meter' app leaks location information




The app that the police and local authorities offered at major events such as King's Day, the four-day hiking event and Gay Pride leaks data, a security researcher has discovered. It appears to be possible to intercept the user's location and to manipulate the contents of the app.

The app communicates unsecured with two different servers, sending the data in plain text, discovered Mark Koek of QSec, who investigated the iOS version. It is the app that visitors to major events such as King's Day install, in which they can see how busy it is in the city using the 'buzz meter'. The app was last used during the Relief of Leiden, when the town celebrates the end of the siege by the Spaniards.

The application sends the user's location unencrypted while the application is in use, Koek discovered. Someone with access to the network could intercept this. Users' locations are also sent when the app runs in the background, to determine how busy the event location is, but that data stream is encrypted on iOS. Koek has not investigated how this works in the Android version.

The app also retrieves information from a server over an unencrypted connection; this is used for displaying information on the 'actueel' page. A malicious party would therefore be able to manipulate that page, though he would also need access to the network to do so. The data are also not sent directly to the police, but via a vendor.

Adrian Proos of the National Police says the police itself is not responsible for the content of the app. "The app will be published on our developer account, but it is the municipality and the organizers of the event that are responsible for the content of the app," says Proos.

The police will also not use the app. "It was a pilot project, but of course it is not really our core business," said Proos. He further emphasized that the data arrives at the police anonymously, and that many more smartphone apps are susceptible to a man-in-the-middle attack. "If I use a news app on an open Wi-Fi network, those pages can also be manipulated," said Proos. Proos's latter claim is not readily verifiable, but sounds obvious, because many apps use http instead of the secure https.

Eighteen months ago, the police app also came into disrepute. The buzz meter in the app would generate too much data, which could overload the mobile network, the NOS reported at the time. KPN even said it might not be able to guarantee access to the emergency number 112. The buzz meter was then removed from the app at the coronation of King Willem-Alexander.

