My Bank Coupons iOS App Transmits Passwords Insecurely
Background
The
My Bank Coupons iOS app has a critical
security problem--it transmits passwords without
encryption over the Internet.
I tested this app:
![](bankcou2.png)
Insecure Transmissions
Apple says that apps
must use TLS encryption
for iOS 9.0 and later, so
I don't know how this app is even usable
anymore.
Testing Method for Network Transmission
I have Burp set up as a proxy for my
iPhone.
A login message
is shown below, with the password
exposed.
![](bankcou1.png)
I used a jailbroken iPhone running iOS
12.4.4 with no passcode.
Notification
I sent this message on 1-11-2020:
![](bankcou3.png)
![](bankcou4.png)
Posted 1-11-2020 by Sam Bowne