More Apps Found To Break HTTPS

When it rains, it pours.  With vulnerabilities this is often true.  Shortly after last week’s reveal that Lenovo shipped devices with the Superfish SSL cert bypassing software the security researchers have come forward warning of 12 more that do the same.

The list includes one that is identified by Symantec as a trojan:

  1. Trojan.Nurjax
  2. System Alerts
  3. Arcade Giant
  4. Optimizer Monitor
  5. Catalytix Web Services
  6. Cart Crunch Israel LTD
  7. Say Media Group LTD
  8. Over the Rainbow Tech
  9. Wired Tools LTD
  10. Objectify Media Inc
  11. SecureTeen
  12. Komodia Keep My Family Secure
  13. Kurupira Webfilter

And it gets worse.  Many of these are protected by a password, but that password is the name of the company: “komodia.”  This opens up user systems to Man in the Middle (MitM) attacks and exposes data.


Post by Protocol 46