Top mobile finance app Money Lover has some worrying security flaws
It’s leaking sensitive data
A popular finance and budgeting mobile app was leaking email addresses and other sensitive data to anyone who was logged in to the platform, researchers discovered earlier this week.
As reported on BleepingComputer, cybersecurity researchers from Trustwave were looking into the traffic of an Android, iOS, and Windows app called Money Lover using a proxy and the Web Sockets view in the browser’s Developer Tools, when they stumbled upon a quickly populating list of email addresses and other data. Further investigation uncovered that the emails belonged to users of the so-called “shared wallet” feature.
Shared wallets leaking
As a finance and budgeting app, Money Lover allows multiple users to collaborate on a single, shared wallet. Think of it as a wallet for the home budget, where multiple household members can log their expenses and track overall spending. As expected, users sharing the same wallet can see each other’s emails. However, so can anyone else who’s logged in to the platform, and that’s the problem. What’s more, researchers have found that live transaction metadata was also being broadcast.
“The shared wallet transactions disclose user information, such as the user’s email address and shared wallet name,” Trustwave reported. “The email address and shared wallet name can be viewed via the Web Sockets tab of the browser’s “Developer Tools.” All Money Lover users who make use of the Shared Wallet feature are affected by this issue.”
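The exposure described above comes down to who a server-side event is fanned out to. The following is an added illustration, not Money Lover's or Trustwave's code: the `WalletHub` class, the fake sockets, the user names and the event fields are all hypothetical and constructed, and it contrasts sending a shared-wallet event to every logged-in connection with sending it only to that wallet's members.

```javascript
// Added illustration: constructed data and hypothetical names; not Money Lover's code.
class FakeSocket {                     // stands in for one authenticated WebSocket
  constructor(userId) { this.userId = userId; this.received = []; }
  send(msg) { this.received.push(JSON.parse(msg)); }
}

class WalletHub {
  constructor() {
    this.sockets = new Set();          // every logged-in connection
    this.members = new Map();          // walletId -> Set of member userIds
  }
  connect(userId) { const s = new FakeSocket(userId); this.sockets.add(s); return s; }
  share(walletId, userIds) { this.members.set(walletId, new Set(userIds)); }

  // Flawed pattern: being logged in is the only condition for receiving the event.
  broadcastToAll(event) {
    for (const s of this.sockets) s.send(JSON.stringify(event));
  }

  // Scoped pattern: membership is checked per recipient on the server, deny by default.
  broadcastToMembers(event) {
    const allowed = this.members.get(event.walletId) ?? new Set();
    let delivered = 0;
    for (const s of this.sockets) {
      if (!allowed.has(s.userId)) continue;   // not a member: send nothing at all
      s.send(JSON.stringify(event));
      delivered++;
    }
    return delivered;
  }
}

function demo() {
  const event = { walletId: "w1", walletName: "Home budget",
                  email: "alice@example.test", type: "transaction" };
  const run = (method) => {
    const hub = new WalletHub();
    hub.share("w1", ["alice", "bob"]);
    const [, bob, outsider] = ["alice", "bob", "carol"].map((u) => hub.connect(u));
    hub[method](event);
    return { member: bob.received.length, outsider: outsider.received.length,
             outsiderSawEmail: outsider.received.some((m) => m.email === event.email) };
  };
  return { flawed: run("broadcastToAll"), scoped: run("broadcastToMembers") };
}
console.log(demo());
```

In the scoped version the non-member connection receives no frame at all, so nothing shows up in that user's Web Sockets view; hiding fields in the client UI would not achieve that.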
The researchers did not say when they discovered the vulnerability, or how many users were affected. What we do know is that Money Lover was downloaded more than five million times on the Google Play Store alone.
To keep their emails safe, users are advised to update the app to the latest version as soon as possible, otherwise their email addresses might get bombarded with phishing emails and malware infection attempts.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.