News Articles

Wednesday, January 7, 2015

Security flaw on Immobilise mobile phone database is now fixed

The Immobilise.com online database, which helps people to store their mobile phone’s IMEI number and record other valuable items, has had a significant security flaw fixed this week.

Users are able to see an online ‘certificate’ that includes their name, address and details of the property they’d registered.

However, security consultant Paul Moore discovered that changing the numbers in a web address for this certificate could reveal information about other people’s valuables.

He described it as “a nice shopping list for a would-be burglar”.

Mr Moore had contacted Recipero, the company behind the Immobilise and CheckMEND sites, in 2013 to warn them about the vulnerability. He made the news public this week after realising that the security flaw still hadn’t been fixed.

Since publicising the issue, the vulnerability has been removed.

In a statement on the Immobilise.com website, Recipero said “We confirm that a vulnerability in a website feature was highlighted to us on 3rd January. If exploited this could have allowed a third party to view details associated with an item registration. The vulnerability was in a feature intended for use by insurers when confirming the validity of an ownership certificate given to them by a claimant. The feature was removed within 30 minutes of us becoming aware. A thorough review of our records reveals no evidence of any data leakage and therefore no requirement to contact any individual Immobilise users.”

[BBC News; Paul Moore website]

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Categories: Handsets and manufacturers, Retailing, NewsNumber of views: 2207

Tags: uksecurityinternetimmobilise

Leave a comment

Name:
Email:
Comment:
CAPTCHA image
Enter the code shown above in the box below.
Add comment

Name:
Email:
Subject:
Message:
x

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«September 2016»
MonTueWedThuFriSatSun
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789

Archive

Terms Of Use | Privacy Statement