February 27, 2019 06:10 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T9-T00X5s_U/cryptocurrency-wallet-app-coinomi-caught-sending-user-passwords-to-googles-spellchecker
Cryptocurrency Wallet App Coinomi Caught Sending User Passwords To Google's Spellchecker
An anonymous reader shares a report: Coinomi wallet app sends user passwords to Google's spellchecking service in clear text, exposing users' accounts and their funds to man-in-the-middle (MitM) attacks during which attackers can log passwords and later empty accounts. The issue came to light yesterday after an angry write-up by Oman-based programmer Warith Al Maawali who discovered it while investigating the mysterious theft of 90 percent of his funds. Al Maawali says that during the Coinomi wallet setup, when users select a password (passphrase), Coinomi app grabs the user's input inside the passphrase textbox and silently sends it to Google's Spellcheck API service. [...] Coinomi, which offers a multi-cryptocurrency wallet app for Android, iOS, Linux, Mac, and Windows, did not respond to a request for comment.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/T9-T00X5s_U/cryptocurrency-wallet-app-coinomi-caught-sending-user-passwords-to-googles-spellchecker
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot