Task #12976

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[IOS] - L3 - Sensitive Information Leaked in Logs (Unintended Data Leakage)

Added by Nurul Athira Abdul Rahim over 2 years ago. Updated over 1 year ago.

Status: User Acceptance Test
Start date: May 10, 2022
Priority: Normal
Due date:
Assignee: Binti Marobi Athirah Umairah
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

Unintended data leakage occurs when a developer inadvertently places sensitive information or data in a location on the mobile device that is easily accessible by other apps on the device.

The LGMS security team inspected the logs on the mobile device and discovered sensitive information such as the bearer token, username, address, email, phone number, transaction details, bank account details and encrypted/hashed password being logged by the application.

Action Plan:
To check and hide sensitive data.

Log file.png (179 KB) Bin Hamzah Muhammad Fadhly, July 18, 2022 12:11

OS_ACTIVITY_MODE.png (147 KB) Bin Hamzah Muhammad Fadhly, July 18, 2022 12:11

Internal Test Results_SCPID #6249_Pentest L3.docx (814 KB) Nurul Athira Abdul Rahim, July 29, 2022 11:56

History

#1 Updated by Susanto Felix Brilliant about 2 years ago

  • Assignee changed from Susanto Felix Brilliant to Bin Hamzah Muhammad Fadhly

#2 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

  • % Done changed from 0 to 100

#3 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress

#4 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

  • Status changed from Development / Work In Progress to Finished Development
  • % Done changed from 100 to 90

#5 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

  • % Done changed from 90 to 100

#6 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

Created a custom log file to filter all Prints and Logs.
The logs can also be disabled by changing OS_ACTIVITY_MODE to disable; OS_ACTIVITY_MODE is changed to debug for debugging.
Product -> Scheme -> Edit Scheme -> OS_ACTIVITY_MODE = disable
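
A retest check for this finding, as an added example that is not part of the ticket or the project's code: it scans captured device log text for the data classes the finding lists and reports masked hits. The sample log lines, key names and patterns are constructed assumptions, since the app's log format is not shown in the ticket.

```python
import re

# Constructed sample: the app's real log format is not shown in the ticket.
SAMPLE_LOG = """\
2022-07-18 12:01:03 App[311] GET /profile Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln
2022-07-18 12:01:04 App[311] login ok user=alice email=alice@example.com
2022-07-18 12:01:05 App[311] {"password":"5f4dcc3b5aa765d61d8327deb882cf99"}
2022-07-18 12:01:06 App[311] transfer to accountNo=1234567890 amount=50.00
2022-07-18 12:01:07 App[311] view did appear: HomeViewController
"""

# Value-shaped data: recognisable without knowing the field name.
VALUE_PATTERNS = {
    "bearer_token": re.compile(r"\bBearer\s+([A-Za-z0-9._~+/-]{16,}=*)", re.I),
    "email": re.compile(r"\b([\w.+-]+@[\w-]+(?:\.[\w-]+)+)"),
}
# Key-named fields in key=value or JSON form. Key names are assumptions.
KEYED = re.compile(
    r"\b(?P<key>password|passwd|pwd|user\w*|phone\w*|mobile\w*|account\w*|address)"
    r"\"?\s*[:=]\s*\"?(?P<val>[^\s\",}&]+)", re.I)
KEY_CATEGORY = {"pas": "password", "pwd": "password", "use": "username",
                "pho": "phone", "mob": "phone", "acc": "bank_account",
                "add": "address"}

def mask(value):
    """Keep a short prefix as evidence so the report does not re-leak the value."""
    return (value[:4] if len(value) > 8 else "") + "****"

def scan(log_text):
    """Return (line_no, category, masked_value) for every suspected leak."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        for cat, rx in VALUE_PATTERNS.items():
            findings += [(no, cat, mask(m.group(1))) for m in rx.finditer(line)]
        for m in KEYED.finditer(line):
            cat = KEY_CATEGORY[m.group("key")[:3].lower()]
            findings.append((no, cat, mask(m.group("val"))))
    return findings

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for no, cat, evidence in hits:
        print(f"line {no}: {cat} ({evidence})")
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the retest
```

Feed it log text captured from the distributed UAT build rather than from an Xcode-launched session, because scheme environment variables only apply to runs started from Xcode.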

#7 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago

  • Status changed from Finished Development to Internal Testing
  • Assignee changed from Bin Hamzah Muhammad Fadhly to Nurul Athira Abdul Rahim

#8 Updated by Nurul Athira Abdul Rahim about 2 years ago

  • Status changed from Internal Testing to System Integration Test

#10 Updated by Nurul Athira Abdul Rahim over 1 year ago

  • Status changed from System Integration Test to Pending UAT Deployment
  • Assignee changed from Nurul Athira Abdul Rahim to Bin Hamzah Muhammad Fadhly

Please deploy these fixes to UAT.

Thanks

#11 Updated by Bin Hamzah Muhammad Fadhly over 1 year ago

  • Status changed from Pending UAT Deployment to User Acceptance Test
  • Assignee changed from Bin Hamzah Muhammad Fadhly to Binti Marobi Athirah Umairah

Deployed to UAT and provided a link to download.

version 3.3.1 build 341 Internal BSN
https://testflight.apple.com/join/GVdD3RT2

version 3.3.1 build 340 VPN Penril
https://testflight.apple.com/join/CdjMcH3f
