
Wednesday, January 7, 2015

Security flaw on Immobilise mobile phone database is now fixed

The online database, which helps people to store their mobile phone’s IMEI number and record other valuable items, has had a significant security flaw fixed this week.

Users are able to see an online ‘certificate’ that includes their name, address and details of the property they’d registered.

However, security consultant Paul Moore discovered that changing the numbers in a web address for this certificate could reveal information about other people’s valuables.

He described it as “a nice shopping list for a would-be burglar”.

Mr Moore had contacted Recipero, the company behind the Immobilise and CheckMEND sites, in 2013 to warn them about the vulnerability. He made the news public this week after realising that the security flaw still hadn’t been fixed.

Since he publicised the issue, the vulnerability has been removed.

In a statement on the website, Recipero said: “We confirm that a vulnerability in a website feature was highlighted to us on 3rd January. If exploited this could have allowed a third party to view details associated with an item registration. The vulnerability was in a feature intended for use by insurers when confirming the validity of an ownership certificate given to them by a claimant. The feature was removed within 30 minutes of us becoming aware. A thorough review of our records reveals no evidence of any data leakage and therefore no requirement to contact any individual Immobilise users.”
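The class of flaw described above (a record fetched purely by the number in the URL) and one way to close it while still letting an insurer confirm a certificate, as an added example that is not Recipero's code or part of the original article. The record layout, function names, sample data and the HMAC-based verification code are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample records; every name, address and id here is invented.
CERTIFICATES = {
    1001: {"owner": "alice", "name": "A. Example",
           "address": "1 Sample Road", "item": "Phone, IMEI 000000000000000"},
    1002: {"owner": "bob", "name": "B. Example",
           "address": "2 Sample Road", "item": "Laptop"},
}
SERVER_KEY = b"demo-key-load-from-a-secret-store"  # assumption: server-side secret


def view_certificate_vulnerable(cert_id):
    """Hypothetical model of the flaw: the number in the URL is the only check."""
    return CERTIFICATES.get(cert_id)


def view_certificate(cert_id, session_user):
    """Owner view: the record goes only to the account that registered it."""
    cert = CERTIFICATES.get(cert_id)
    if cert is None or cert["owner"] != session_user:
        return None  # same answer for "missing" and "not yours"
    return cert


def verification_code(cert_id):
    """Code printed on the certificate a claimant hands to an insurer."""
    msg = str(cert_id).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def insurer_verify(cert_id, code):
    """Insurer check: confirms validity only and returns no personal details."""
    if not isinstance(code, str):
        return False
    expected = verification_code(cert_id).encode()
    supplied = code.encode()
    # Constant-time comparison; a guessed id without its code proves nothing.
    return cert_id in CERTIFICATES and hmac.compare_digest(expected, supplied)
```

The insurer path answers yes or no for an id and code pair, so walking through consecutive ids yields nothing without the code printed on each certificate.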

[BBC News; Paul Moore website]

Author: The Fonecast