
Zscaler Blog


Security Research

Analysis Of ATN Live TV IOS App Using ZAP

December 22, 2013 - 2 min read
“As the Mobile Industry is moving so fast, so too do security and Privacy issues”
There has been rapid growth in the prevalence of mobile devices in the last few years. New devices launch every day, and the number of online transactions grows with them. BYOD (Bring Your Own Device) has further complicated the security challenges of enterprises, as they're now responsible for protecting data on devices that they don't own. At the same time, mobile application developers are coding new apps every day without focusing on security and privacy issues.
In this post we will focus on analyzing the ATN Live TV app for iOS using our own free service, ZAP (Zscaler Application Profiler). If you aren't familiar with ZAP, it's a simple web application which allows anyone to quickly analyze the security and privacy issues of any iOS or Android app by dynamically inspecting the web traffic generated by the app. Please have a look at our previous blog post or video for more information.
Let’s begin.
App Name: ATN Live TV
Category: Entertainment
You will need to provide the app URL and some fake credentials to ZAP in order to analyze the traffic for security/privacy leaks.
Once you are done with this, you'll need to set the proxy settings on your device to point to ZAP. Hit the Proxy Scan button and follow the instructions for setting the proxy on your particular device.
In this analysis, we found that ATN Live TV is leaking passwords and Email IDs.
As you can see, the Email ID and the MD5-hashed password are being transferred to the server via a GET request over HTTP. While the password is hashed with MD5, the data is not transmitted over an encrypted (HTTPS) channel. While MD5 is a one-way hash, an attacker who was able to sniff this traffic could perform a dictionary attack to retrieve the cleartext password.
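The check described above can be reproduced on your own proxy captures. The following is an added example, not ZAP's code and not part of the original post: it searches request URLs for the fake credentials entered into the app, in cleartext or as an unsalted digest, and reports the transport scheme. The test account, host name and parameter names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

# Constructed test account, standing in for the fake credentials given to the app.
TEST_EMAIL = "zaptest@example.com"
TEST_PASSWORD = "Tr4ffic-Check!"

def password_digests(password):
    """Unsalted hex digests an app might send in place of the password."""
    return {hashlib.new(algo, password.encode()).hexdigest(): algo.upper()
            for algo in ("md5", "sha1", "sha256")}

def scan_url(url, email=TEST_EMAIL, password=TEST_PASSWORD):
    """Return (parameter, what leaked, scheme) for each credential found in the query."""
    parts = urlsplit(url)
    digests = password_digests(password)
    findings = []
    # parse_qsl percent-decodes values, so zaptest%40example.com still matches.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower() == email.lower():
            what = "email address"
        elif value == password:
            what = "cleartext password"
        elif value.lower() in digests:
            what = "unsalted %s of password" % digests[value.lower()]
        else:
            continue
        findings.append((name, what, parts.scheme))
    return findings

def sample_capture():
    """Constructed request URLs; host and parameter names are hypothetical."""
    md5 = hashlib.md5(TEST_PASSWORD.encode()).hexdigest()
    return [
        "http://app.example.invalid/login?email=zaptest%40example.com&pass=" + md5,
        "http://app.example.invalid/channels?page=2",
        "https://app.example.invalid/login?user=ZapTest@example.com",
    ]

if __name__ == "__main__":
    for url in sample_capture():
        for name, what, scheme in scan_url(url):
            note = "unencrypted" if scheme == "http" else "encrypted, but URLs still reach logs"
            print("%s: %s in '%s' (%s)" % (urlsplit(url).path, what, name, note))
```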
Here is the Final Risk Score Report of ATN Live TV app from ZAP.
With the explosion of mobile app development, we're seeing an increase in data and privacy leaks. This is occurring for the same reason that we saw so many web application vulnerabilities a decade ago: there are many new developers entering the space, but few have access to the tools and knowledge necessary to develop secure apps, and apps are often published without an independent security audit.
These issues were reported to the developer on 20/12/2013.