Maine EMS Apps Plaintext Data Transmission
Summary
The Maine EMS Android ans iOS apps send login credentials without
encryption.
Android App
I have Burp set up as a proxy for my
Genymotion Android emulator.
Here's the app:
Sending test credentials:
Harvesting them from Burp:
iOS App
I installed the app on an
iPad and networked it through
a Mac computer, using this procedure:
Making an SSL Auditing Proxy with a Mac and Burp
Here's the app:
Sending test credentials:
Harvesting them from Burp:
Notification
I sent this message on 6-10-15:
Posted 6-10-15 by Sam Bowne