Scandinavian airline exposing customers’ personal data

Liarna La Porta

Anyone who has flown for work will know that business trips are stressful enough as they are. Companies and employees shouldn’t have the added pressure of worrying about how the airlines they choose to fly with are handling their personal data.

Researchers at Wandera have discovered a vulnerability in Scandinavian Airlines’ (SAS) mobile apps that puts the personal data of passengers at risk of theft.

Considering that SAS is the largest airline in Scandinavia, the potential impact of this vulnerability is significant.

How does it happen?

When a user registers for an account with SAS via the iOS or Android apps, the information they enter – such as a username and password – is sent unencrypted across the internet.

This means the personally identifiable information (PII) of passengers can easily be harvested by any hacker intercepting their mobile traffic. As we’ve demonstrated before, it is not difficult to be fooled by a spoof Wi-Fi hotspot labelled “Free Wi-Fi”; one that has been set up by a hacker for malicious purposes using cheap and accessible equipment.

Furthermore, the Web API that is used by the SAS apps can be accessed via the HTTP protocol, which makes the mobile apps susceptible to an HTTPS downgrade attack.

In this type of attack, an attacker replaces all HTTPS links with HTTP ones, so the traffic is sent unencrypted and the attacker can access the sensitive information in it.

What is being exposed?

When a user registers in the app and creates an account, the following PII is exposed:

  • Username
  • Password
  • E-mail
  • First name, Last name
  • Date of Birth
  • Mailing Address
  • Postal Code
  • City
  • Country
  • Mobile phone number
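
The two conditions described above (registration data sent over plain HTTP, and an API that answers over HTTP at all) can be checked for in recorded proxy traffic. The following Python script is an added example, not Wandera's or SAS's code; the host names, form-field names and sample records are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed form-field names for the PII the advisory lists; the real app's
# parameter names are not given on the page.
PII_FIELDS = {"username", "password", "email", "firstname", "lastname",
              "dateofbirth", "address", "postalcode", "city", "country", "mobile"}

# Constructed sample proxy records. Hosts are placeholders, not the real API.
SAMPLE_FLOWS = [
    {"method": "POST", "url": "http://api.airline.example/register", "status": 200,
     "headers": {}, "body": "username=jdoe&password=hunter2&email=j%40example.com&city=Oslo"},
    {"method": "GET", "url": "http://api.airline.example/flights?from=OSL", "status": 200,
     "headers": {}, "body": ""},
    {"method": "POST", "url": "http://api.airline.example/profile", "status": 301,
     "headers": {"Location": "https://api.airline.example/profile"},
     "body": "mobile=%2B4712345678&postalcode=0150"},
    {"method": "POST", "url": "https://api.airline.example/login", "status": 200,
     "headers": {}, "body": "username=jdoe&password=hunter2"},
]

def audit_flow(flow):
    """Return a list of findings for one recorded request/response pair."""
    findings = []
    parts = urlsplit(flow["url"])
    if parts.scheme != "http":
        return findings  # TLS-protected request: nothing to report here
    # PII in the query string or form body has already crossed the network in
    # cleartext, even if the server then answers with a redirect to HTTPS.
    fields = dict(parse_qsl(parts.query) + parse_qsl(flow["body"]))
    leaked = sorted(PII_FIELDS & {name.lower() for name in fields})
    if leaked:
        findings.append("cleartext-pii:" + ",".join(leaked))
    # An endpoint that serves content over HTTP leaves room for a downgrade.
    headers = {k.lower(): v for k, v in flow["headers"].items()}
    redirected = (300 <= flow["status"] < 400
                  and headers.get("location", "").startswith("https://"))
    if not redirected:
        findings.append("http-served-without-redirect")
    return findings

def audit(flows):
    """Map 'METHOD URL' to its findings, keeping only flows that have any."""
    report = {}
    for flow in flows:
        findings = audit_flow(flow)
        if findings:
            report[f'{flow["method"]} {flow["url"]}'] = findings
    return report

if __name__ == "__main__":
    for request, findings in audit(SAMPLE_FLOWS).items():
        print(request, "->", findings)
```

The third sample record shows why a server-side redirect to HTTPS is not sufficient on its own: the form body was transmitted before the redirect arrived.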

What can you do?

SAS customers should avoid using the apps over public and potentially insecure Wi-Fi hotspots to minimize the risk of traffic interception.

Furthermore, businesses with staff flying via SAS should have an active mobile security service deployed to monitor for data leaks.

Wandera offers a service that leverages some new iOS features to further bolster our core threat prevention capabilities. We are now proactively able to warn a user if they are joining a potentially insecure Wi-Fi network and therefore offer even better protection from threats such as man-in-the-middle, ahead of the attack.

Liarna La Porta

Liarna La Porta leads content marketing at Wandera. As Editor of Wandera’s blog, Liarna keeps the content ticking that makes Wandera a reliable news source for mobile security professionals. Her passion for helping tech start-ups in all aspects of marketing and PR is reflected in the expert industry coverage she provides. An Australian adventurist at heart, Liarna has been in the Marketing and PR industry for over six years working from Melbourne, Sydney, London and San Francisco, soaking up the expertise required for her global role at Wandera.
