A static analysis conducted by Leakd is now suggesting that AirAsia’s official app is riddled with poor security and multiple privacy issues. Not only that, but threat actors have reportedly been able to fraudulently gain access to payment card details of several customers who used the app.
One AirAsia App user, who goes by the handle pastDepth9102 on Reddit, wrote in November that someone had tried to use their card for purchases in a Walmart outside of their home country. “This (credit card) has never been used anywhere else.”
Another user, firealno9, said that they received a card authorisation request from Walmart as well, directly after they had booked a flight used the AirAsia app. Fortunately, knowing that their credit card details had been compromised, they promptly cancelled the card.
Leakd’s analysis revealed that the AirAsia app is putting out excessive requests for permissions such as READ_PHONE_STATE. It’s this request that supposedly allows threat actors to gather sensitive data from an individual’s device.
Leakd’s static analysis also revealed that the app had poor security practices and vulnerabilities which expose sensitive user data, weakening the app’s overall security structure. “Key issues include logging sensitive information, insecure WebView implementations, and the use of outdated or weak cryptographic algorithms such as MD5, SHA-1, and ECB mode encryption. Furthermore, the app demonstrates insecure handling of data storage, with world-readable and writable permissions on certain files, which could lead to unauthorized access or modification by malicious applications.”
At the time of writing, AirAsia has yet to officially comment on its app and its security flaws. In the mean time, you can do your part in staying financially safe by adopting the appropriate measures, including blocking your cards if they’ve been compromised, staying vigilant and monitoring your monetary transactions, and keeping your mobile devices up-to-date with the latest Android or iOS versions. Oh, and don’t click on any suspicious links, too.
