13,408
edits
m (Reverted edits by 49.207.209.176 (talk) to last revision by WikiDwarf) Tag: Rollback |
|||
Line 322: | Line 322: | ||
==Airtel app security flaw== | ==Airtel app security flaw== | ||
On 8 December 2019, a serious security fault was detected that existed in Airtel's [[API]]. The bug allowed potential threat actors to "fetch sensitive user information of any Airtel subscriber."<ref>{{cite news |title=Security flaw in Airtel app exposes customers data, fixed now |url=https://economictimes.indiatimes.com/tech/internet/security-flaw-in-airtel-app-exposes-customers-data-fixed-now/articleshow/72421661.cms |website=The Economic Times |access-date=16 December 2019}}</ref> Ehraz Ahmed was the first to observe this security vulnerability, and he released a video demonstrating a script being used to obtain information from the Airtel's mobile app's API.<ref name="Airtel mobile app security flaw exposes personal data of 32 crore subscribers">{{cite web |title=Airtel mobile app security flaw exposes personal data of 32 crore subscribers |url=https://www.businesstoday.in/sectors/telecom/bharti-airtel-security-flaw-data-breach-exposes-personal-and-sensitive-user-information-of-32-crore-subscribers/story/391724.html |website=Business Today |date=9 December 2019 |access-date=15 December 2019}}</ref> On his blog, Ehraz concluded that such flaw can result in "revealed information like first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G & [[General Packet Radio Service|GPRS]], network information, activation date, user type (prepaid or postpaid) and current [[International Mobile Equipment Identity|IMEI]] number", all being very sensitive user information.<ref>{{Cite web |last=Ahmed |first=Ehraz |title=Security Flaw in Airtel - Ehraz Ahmed |url=https://ehraz.co/security/casestudy/airtel/ |access-date=2023-07-18 |website=ehraz.co |language=en-US}}</ref><ref name="Airtel mobile app security flaw exposes personal data of 32 crore subscribers"/> Airtel acknowledged the issue and it was fixed shortly after.<ref>{{Cite news |date=2019-12-06 |title=Indian Airtel: Bug meant users' personal data was not secure |language=en-GB |work=BBC News |url=https://www.bbc.com/news/world-asia-india-50641608 |access-date=2023-07-18}}</ref> | On 8 December 2019, a serious security fault was detected that existed in Airtel's [[API]]. The bug allowed potential threat actors to "fetch sensitive user information of any Airtel subscriber."<ref>{{cite news |title=Security flaw in Airtel app exposes customers data, fixed now |url=https://economictimes.indiatimes.com/tech/internet/security-flaw-in-airtel-app-exposes-customers-data-fixed-now/articleshow/72421661.cms |website=The Economic Times |access-date=16 December 2019}}</ref> Ehraz Ahmed was the first to observe this security vulnerability, and he released a video demonstrating a script being used to obtain information from the Airtel's mobile app's API.<ref name="Airtel mobile app security flaw exposes personal data of 32 crore subscribers">{{cite web |title=Airtel mobile app security flaw exposes personal data of 32 crore subscribers |url=https://www.businesstoday.in/sectors/telecom/bharti-airtel-security-flaw-data-breach-exposes-personal-and-sensitive-user-information-of-32-crore-subscribers/story/391724.html |website=Business Today |date=9 December 2019 |access-date=15 December 2019}}</ref> On his blog, Ehraz concluded that such flaw can result in "revealed information like first and last name, gender, email, date of birth, address, subscription information, device capability information for 4G, 3G & [[General Packet Radio Service|GPRS]], network information, activation date, user type (prepaid or postpaid) and current [[International Mobile Equipment Identity|IMEI]] number", all being very sensitive user information.<ref>{{Cite web |last=Ahmed |first=Ehraz |title=Security Flaw in Airtel - Ehraz Ahmed |url=https://ehraz.co/security/casestudy/airtel/ |access-date=2023-07-18 |website=ehraz.co |language=en-US}}</ref><ref name="Airtel mobile app security flaw exposes personal data of 32 crore subscribers"/> Airtel acknowledged the issue and it was fixed shortly after.<ref>{{Cite news |date=2019-12-06 |title=Indian Airtel: Bug meant users' personal data was not secure |language=en-GB |work=BBC News |url=https://www.bbc.com/news/world-asia-india-50641608 |access-date=2023-07-18}}</ref> | ||
== See also == | == See also == | ||
edits