Task #12991: [ANDROID] - Pentest - I1 - Application Allows Use of Third-Party Keyboards - BSN CDB Support - Penril Support System

Task #12991

Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation

[ANDROID] - Pentest - I1 - Application Allows Use of Third-Party Keyboards

Added by Nurul Athira Abdul Rahim over 2 years ago. Updated over 1 year ago.

Status:

User Acceptance Test

Start date:

May 11, 2022

Priority:

Normal

Due date:

Assignee:

Binti Marobi Athirah Umairah

% Done:

100%

Category:

PCI DSS - Pentest

Spent time:

Target version:

Description

The application allows the use of third-party keyboards when entering sensitive data. A malicious third-party keyboard could spy and log users' input.

Action Plan:
Already set the program following the reported issue on last Pentest scanning.

Aina need to review the code.

WhatsApp Image 2022-05-19 at 10.13.59 AM.jpeg (80.8 KB) MUHAMMAD IHSAN, May 31, 2022 14:41

Internal Test Results_SCPID #6249_ANDROID I1.docx (179 KB) Nurul Syahirah Md Nawi, June 03, 2022 10:16

History

#1 Updated by Rahmat Aina Nadia over 2 years ago

Assignee changed from Rahmat Aina Nadia to MUHAMMAD IHSAN

#2 Updated by MUHAMMAD IHSAN over 2 years ago

File WhatsApp Image 2022-05-19 at 10.13.59 AM.jpeg added
Status changed from New - Begin Life Cycle to Finished Development
% Done changed from 0 to 100

Alert to notify users that they are using a third-party keyboard is already implemented.

#3 Updated by Rahmat Aina Nadia over 2 years ago

Assignee changed from MUHAMMAD IHSAN to Nurul Syahirah Md Nawi

#4 Updated by Nurul Syahirah Md Nawi over 2 years ago

Status changed from Finished Development to Internal Testing

#5 Updated by Nurul Syahirah Md Nawi over 2 years ago

File Internal Test Results_SCPID #6249_ANDROID I1.docx added

Tested & passed

#6 Updated by Nurul Syahirah Md Nawi over 2 years ago

Status changed from Internal Testing to System Integration Test

#7 Updated by Nurul Syahirah Md Nawi over 2 years ago

File Internal Test Results_SCPID #6249_ANDROID I1.docx added

#8 Updated by Nurul Syahirah Md Nawi over 2 years ago

File deleted (~~Internal Test Results_SCPID #6249_ANDROID I1.docx~~)

#9 Updated by Nurul Athira Abdul Rahim over 1 year ago

Status changed from System Integration Test to Pending UAT Deployment
Assignee changed from Nurul Syahirah Md Nawi to Rahmat Aina Nadia

Please deploy this fixes to UAT.

Thanks

#10 Updated by Rahmat Aina Nadia over 1 year ago

Status changed from Pending UAT Deployment to User Acceptance Test
Assignee changed from Rahmat Aina Nadia to Binti Marobi Athirah Umairah

Hi Umai,

kindly refer to the link below for the UAT APK. The APK link in the google sheet is also updated.

https://drive.google.com/file/d/1IaK9xpXygbTlXJWvJZZxvToz1U_Gamqi/view?usp=share_link

Also available in: Atom PDF

B - Production Support » BSN CDB Support

Issues