
Think before you checkout with this online retailer


Liarna La Porta

Most people are familiar with the online shopping process, which sounds much like an in-store experience: select your items, add them to your cart, and head to the checkout when you have finished browsing and are ready to purchase. But it’s not that simple online.

There is a crucial point during the online transaction when the shopper enters their personal information and credit card details in order to complete the transaction. This is the point where they become vulnerable because they can never be sure that information is being transmitted securely and ending up in the right hands.

Wandera researchers have discovered multiple data leaks coming through the Android and iOS mobile apps of LightInTheBox. This global online retailer is listed on the New York Stock Exchange and has between one and five million users, so the impact of this vulnerability is immense.



How does it happen?

The LightInTheBox apps expose sensitive personal data of the user when they log in and check out. Specifically, the apps use plaintext when sending user data over the network, including login credentials and mailing addresses. This results in information being transferred over an insecure connection, exposing it to any attacker or third-party observer on the network.

In addition, LightInTheBox’s mobile apps have been found to use encryption and decryption algorithms that have the associated session keys hard-coded in the app. This can result in credit card details being decrypted by an attacker.


What’s being exposed?

PII that is exposed during a password change event on the mobile apps includes:

  • Old Password
  • New Password
  • Country

PII that is exposed during the check-out process on both Android and iOS apps includes:

  • First name
  • Last name
  • Address
  • City
  • Postal Code
  • State
  • Country
  • Phone Number

PII that is exposed during the payment process on the mobile apps includes:

  • Credit Card Number
  • Credit Card Expiration Date (Month, Year)
  • CVV / Security Code

What can I do?

Avoid using the apps over public and potentially insecure Wi-Fi hotspots in order to minimize the risk of traffic interception.

Users should have an active mobile security service deployed to monitor for data leaks.
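As an added illustration (not Wandera's tooling and not code from the advisory), the Python below shows the kind of check a data-leak monitor can run over observed requests: it flags cleartext HTTP requests that carry the data classes listed above, and uses a Luhn checksum to catch card numbers sent under unexpected field names. The field names, host name and sample requests are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical form-field names for the data classes listed in the advisory;
# the real apps' parameter names are not given on the page.
SENSITIVE_FIELDS = {
    "old_password": "credential", "new_password": "credential", "password": "credential",
    "address": "address", "postal_code": "address", "phone": "address",
    "card_number": "payment", "cvv": "payment", "exp_month": "payment", "exp_year": "payment",
}
PAN_RE = re.compile(r"\b\d{13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_plaintext_leaks(requests):
    """Return (url, sorted data classes) for each cleartext request carrying PII."""
    findings = []
    for url, body in requests:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # TLS-protected requests are opaque to a network observer
        classes = set()
        for name, value in parse_qsl(parts.query) + parse_qsl(body):
            if name.lower() in SENSITIVE_FIELDS and value:
                classes.add(SENSITIVE_FIELDS[name.lower()])
            if any(luhn_ok(m) for m in PAN_RE.findall(value)):
                classes.add("payment")  # card number under an unexpected field name
        if classes:
            findings.append((url, sorted(classes)))
    return findings

# Constructed sample traffic (not captured from any real app).
SAMPLE = [
    ("http://shop.example.invalid/api/password", "old_password=hunter2&new_password=Tr0ub4dor&country=AU"),
    ("https://shop.example.invalid/api/checkout", "address=1+Main+St&postal_code=3000"),
    ("http://shop.example.invalid/api/pay", "cc=4111111111111111&cvv=123&exp_month=12&exp_year=2030"),
    ("http://shop.example.invalid/api/search?q=lamp", ""),
]

if __name__ == "__main__":
    print(find_plaintext_leaks(SAMPLE))
```

Only the two `http://` requests carrying credentials or card data are reported; the HTTPS checkout request and the cleartext search request are not.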


Liarna La Porta

Liarna La Porta leads content marketing at Wandera. As Editor of Wandera’s blog, Liarna keeps the content ticking that makes Wandera a reliable news source for mobile security professionals. Her passion for helping tech start ups in all aspects of marketing and PR is reflected in the expert industry coverage she provides. An Australian adventurist at heart, Liarna has been in the Marketing and PR industry for over six years working from Melbourne, Sydney, London and San Francisco, soaking up the expertise required for her global role at Wandera.
