
List:       full-disclosure
Subject:    Re: [FD] 360 security android app snoops data to China Unicom network via insecure HTTP
From:       Daniel Wood <daniel.wood () owasp ! org>
Date:       2017-04-30 13:26:42
Message-ID: B79D2305-9EDC-4F90-865D-AA5F4C118331 () owasp ! org

Can't you just run the app in an Android emulator and shark it?

Sent from my iPhone

> On Apr 30, 2017, at 06:02, seclists@email.tg wrote:
> 
> I have a further update on the issue. After uninstalling the 360 security android app, I
> found after repeated checks of Network Info on my phone via the Ping & DNS app that even then
> the HTTP connection to IP address 123.125.114.8 still frequently showed up. So, I monitored
> the network connections on my phone via the Network Connections app
> (https://play.google.com/store/apps/details?id=com.antispycell.connmonitor) and found that
> this time the HTTP connection to IP address 123.125.114.8 was being established by the ES
> File Explorer app (https://play.google.com/store/apps/details?id=com.estrongs.android.pop).
> So, it is possible
> that the insecure HTTP connection to the above IP address that I observed when both the 360
> security and ES File Explorer app were installed on my phone was in fact because of the ES
> File Explorer app or the other possibility is that both the apps have the same problem. I
> haven't had a chance to re-install the 360 security app without the ES File Explorer to
> check that and I don't
> intend to re-install the 360 security app on my phone, since it anyways used to raise the
> temperature on my phone suspiciously. So, I will report this as an issue for the ES File
> Explorer app in a separate email.
> Thanks.
> Hi,
> 
> I found the following review posted about the 360 security android app:
> 
> https://play.google.com/store/apps/details?id=com.qihoo.security&reviewId=Z3A6QU9xcFRPSG1HSTRaSVdNelVWY3FhZk5zcFlFMnZKeXRKRHhhQUE4VU9pLWV4UFBxeHJ3Xy1ZZWU2bEpOLTg0eGxzczFCV0lkaWxxTHRzZTQ4RWxzU2c
> "Snoops data to China Unicom via insecure HTTP link! Found while checking Network info on my
> device with this app installed that it had established an insecure HTTP connection to an IP
> address (123.125.114.8) on Chinese state owned China Unicom network (China Unicom owns a stake
> in app developer via Qihoo 360). Also, when installed, found my phone temperature rising
> frequently indicating covert data transfer from my phone. I've now uninstalled this Chinese
> spying app & advise the same to anyone using the app. Resp to comment: updated above info
> with IP addr.   360 Mobile Security Limited April 26, 2017  Hi, sorry for the inconvenience.
> It will be helpful for us to solve the problem, if you can give us more information and
> details. Attaching some screenshots would be helpful. Please contact us by email:
> jenny@mobimagic.com. Many thanks."
> I observed the same behavior when I had this app installed on my smartphone. I checked the
> Network Info on my phone when this app was installed, using the Ping & DNS
> app (https://play.google.com/store/apps/details?id=com.ulfdittmer.android.ping) and found the
> insecure HTTP connection to the above IP address. After I uninstalled the app, the HTTP
> connection to the above IP address was gone, as well. On checking the WHOIS
> info (https://www.whois.com/whois/123.125.114.8)
> for this IP address it can be seen that it is indeed on the Chinese state-owned China Unicom
> network. I had App usage tracking permission on Android enabled for this app, to facilitate
> phone temperature reduction, when I observed the above.
> Can other security researchers please check and comment on this security hole?
> 
> Thanks.
> 
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
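
Added example, not part of either message in this thread: the quoted report tries to work out which app owns the HTTP connection to 123.125.114.8, and one way to check that is to read the kernel socket table (/proc/net/tcp and /proc/net/tcp6, for instance over adb shell on the emulator suggested in the reply) and map each row's UID to a package. The sample rows, the UIDs and the UID-to-package map are constructed for illustration, com.example.browser is hypothetical, and a little-endian device is assumed.

```python
import ipaddress

# Constructed rows in /proc/net/tcp and /proc/net/tcp6 format (not captured from a device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:A3C2 08727D7B:0050 01 00000000:00000000 00:00000000 00000000 10123        0 41872
   1: 0F02000A:9D1E 0E7C3AD8:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 41901
   2: 0000000000000000FFFF00000F02000A:B2F0 0000000000000000FFFF000008727D7B:0050 08 00000000:00000000 00:00000000 00000000 10123        0 41950
"""
# Constructed UID-to-package map (e.g. from `pm list packages -U`); the UIDs are made up.
UID_TO_PKG = {10123: "com.estrongs.android.pop", 10087: "com.example.browser"}
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT",
              "08": "CLOSE_WAIT", "0A": "LISTEN"}


def decode_addr(hexaddr):
    """Decode a kernel hex address; each 32-bit word is printed byte-reversed
    on little-endian devices (assumed here)."""
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1]
                   for i in range(0, len(hexaddr), 8))
    ip = ipaddress.ip_address(raw)
    # IPv4 peers on dual-stack sockets show up in tcp6 as ::ffff:a.b.c.d; unwrap them.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def owners_of(proc_text, target_ip, uid_to_pkg):
    """Return sorted (package, remote_port, state) for sockets whose peer is target_ip."""
    target = ipaddress.ip_address(target_ip)
    hits = set()
    for line in proc_text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0].rstrip(":").isdigit():
            continue  # header or malformed row
        rem_hex, rem_port = f[2].split(":")
        if decode_addr(rem_hex) != target:
            continue
        uid = int(f[7])  # eighth column is the owning UID
        state = TCP_STATES.get(f[3], f[3])
        hits.add((uid_to_pkg.get(uid, f"uid {uid}"), int(rem_port, 16), state))
    return sorted(hits)


if __name__ == "__main__":
    for pkg, port, state in owners_of(SAMPLE, "123.125.114.8", UID_TO_PKG):
        print(f"{pkg} -> 123.125.114.8:{port} [{state}]")
```

Checking both tables matters because an IPv4 peer can appear only in tcp6 as a mapped address, and a UID missing from the map is reported as a raw UID rather than dropped.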
