Appvigil App Vulnerability Scanners for Zomato - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Appvigil App Vulnerability Scanners for Zomato

Description:

Appvigil Advanced automated Mobile App Vulnerability Scanner Tools. – PowerPoint PPT presentation

Number of Views:59

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Appvigil App Vulnerability Scanners for Zomato


1
API Vulnerability Bullet Dodged
2

Mobile Reputation Protection Suite
Whats Zomato
  • Zomato is an online restaurant search and
    discovery service providing information on home
    delivery, dining-out, cafés and nightlife in
    cities of India and 21 other countries.
  • The site has an Alexa rank of 1,210 in the world
    and 146 in India
  • as of June 2015.
  • Features
  • Find the best restaurants nearby
  • Detailed restaurant info, and thousands of
    scanned menus
  • Follow foodies for trusted reviews
  • Create your own personal food diary

3

Mobile Reputation Protection Suite
Zomato Statistics
  • Presence in 106 cities across 13 countries
  • Approximate user base of 62.5 million
  • Base of 255,700 restaurants on their portal.

4

Mobile Reputation Protection Suite
Hack Details
  • While creating an account, a user can store his
    phone number, addresses, date of birth, link
    Instagram account etc. In one of the API call,
    the user data was reflected based on the
    "browser_id" parameter in the API request.
  • Changing the "browser_id" sequentially resulted
    in data leakage of other Zomato users.
  • The data leaked also had Instagram access token
    which could be used to see private photos on
    Instagram of respective Zomato users.

5

Mobile Reputation Protection Suite
Vulnerability Details
  • Insecure Direct Object References occur when an
    application provides direct access to objects
    based on user-supplied input.
  • As a result of this vulnerability, attackers can
    bypass authorization and access resources in the
    system directly, for example database records or
    files.
  • Resources can be directly accessed by modifying
    the value of a parameter used to directly point
    to an object.
  • Resources can be database entries belonging to
    other users, files in the system, and more. This
    is caused by the fact that the application takes
    user supplied input and uses it to retrieve an
    object without performing sufficient
    authorization checks.

6

Mobile Reputation Protection Suite
Vulnerable Endpoint
POST/v2/userdetails.json/XXXXX?browser_idXXXXXt
ypejourneylangenuuidpgh1evyBWv
Lsp9/JpwUpItnk8Qapp_version6.5.0.1
HTTP/1.1 Accept / Content-Length
214 Accept-Encoding gzip, deflate
X-Zomato-API-Key XXXXXXX Content-Type
application/x-www-form-urlencoded User-Agent
Zomato/5.0 Host 1api.zomato.com Connection
Keep-Alive Cache-Control no-cache langenuuid
pgh1evyBWvL2Bsp92FJpwUpItnk8Q3Dclient_idZomat
o_WindowsPhone8_v 2app_version6.5.0.1device_ma
nufacturerNOKIAdevice_nameNOKIA2520Lumia25201
02 0access_tokenxyz Replacing the XXXXX with
victim's user id in the above request led to
information disclosure.
7

Mobile Reputation Protection Suite
Ease of Exploitability
  • You can easily get userid of any zomato user by
    visting their profile. They are public and
    appended to your profile url.
  • This bug was responsibly disclosed to Zomato and
    was fixed within few minutes by the engineering
    team.

8

Mobile Reputation Protection Suite
About The Hacker
  • Anand Prakash is the man behind the discovery and
    reporting of this vulnerability to zomato.
  • He is currently working as a security engineer at
    Flipkart in Bangalore
  • His past experience includes working with Haryana
    Police in cyber crime investigation and
    Penetration testing at e-billing solution.
  • He works as a network engineer in well known
  • telecom solution provider.

9

Mobile Reputation Protection Suite
Disclosure Timeline
  • June 1, 2015 0929 PM Report sent to Deepinder
    Goyal, CEO
  • June 2, 2015 1254 PM Added Gunjan Patidar,
    CTO and Shrey Sinha to the mail thread
  • June 2, 2015 104 PM Bug acknowledged by
    Gunjan Patidar
  • June 2, 2015 201 PM Confirmation of
    vulnerability fix from Gunjan Patidar

10

Mobile Reputation Protection Suite
Whats Appvigil
Appvigil, an integrable Mobile Reputation
Protection Suite for Mobile Apps
11

Mobile Reputation Protection Suite
How?
Appvigil is an automated cloud based Mobile App
security scanner which enables enterprises
identify security vulnerabilities loopholes in
their mobile apps and fix them Helps you locate
the exact security bugs in mobile apps
Static Analysis
Dynamic Analysis
Network Analysis
Bytecode structure of the app is analyzed to
look for any vulnerable connection
Run time behaviour of an app is tested against
the vulnerabilities in emulated hacking
environment
Capturing all communication packets that the app
functions with complete request response details
12

Mobile Reputation Protection Suite
Reach us
A Product by
Email hello_at_appvigil.co Web appvigil.co FB
fb.com/appvigil Twitter _at_appvigil_co
About PowerShow.com