Monday, March 13, 2023
HomeCyber SecurityShein's Android App Caught Transmitting Clipboard Knowledge to Distant Servers

Shein’s Android App Caught Transmitting Clipboard Knowledge to Distant Servers


Mar 07, 2023Ravie LakshmananPrivateness / Knowledge Breach

An older model of Shein’s Android utility suffered from a bug that periodically captured and transmitted clipboard contents to a distant server.

The Microsoft 365 Defender Analysis Group mentioned it found the issue in model 7.9.2 of the app that was launched on December 16, 2021. The problem has since been addressed as of Could 2022.

Shein, initially named ZZKKO, is a Chinese language on-line quick vogue retailer primarily based in Singapore. The app, which is at the moment at model 9.0.0, has over 100 million downloads on the Google Play Retailer.

The tech large mentioned it is not “particularly conscious of any malicious intent behind the conduct,” however famous that the operate is not essential to carry out duties on the app.

Shein Android App

It additional identified that launching the applying after copying any content material to the system clipboard robotically triggered an HTTP POST request containing the information to the server “api-service[.]shein[.]com.”

To mitigate such privateness dangers, Google has additional made enhancements to Android in recent times, together with displaying toast messages when an app accesses the clipboard and barring apps from getting the information until it’s actively working within the foreground.

WEBINAR

Uncover the Hidden Risks of Third-Get together SaaS Apps

Are you conscious of the dangers related to third-party app entry to your organization’s SaaS apps? Be part of our webinar to be taught in regards to the kinds of permissions being granted and how you can reduce danger.

RESERVE YOUR SEAT

“Contemplating cell customers typically use the clipboard to repeat and paste delicate data, like passwords or cost data, clipboard contents will be a beautiful goal for cyberattacks,” researchers Dimitrios Valsamaras and Michael Peck mentioned.

“Leveraging clipboards can allow attackers to gather goal data and exfiltrate helpful information.”

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



Previous articleWhat’s Digital Divide?
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments