Wednesday, April 26, 2017

Following up on yesterday's note.

Following on from yesterday's note, I did a quick scan to see if the unencrypted Enstream problem had propagated to ScotiaBank Android 17.3.2 or not.

The short answer is I did a quick check, and it's still talking to Bell over HTTP, not HTTPS.

Whilst Scotiabank has taken a step in the right direction to keep out the script kiddies from a national banking app by employing reasonable levels of obfuscation, it's still to resolve the same security problems introduced in December, posed by communicating with third parties over unencrypted URLs.
