
Flash Seats ticketing app users could get scalped by a MITM attack

The Flash Seats Mobile App for iOS, a sports and entertainment ticket management app, is vulnerable to man-in-the-middle attacks due to improper validation of SSL certificates provided by HTTPS connections. According to a vulnerability advisory by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute, there is no current patch.

Attackers who exploit this flaw, which is officially designated CVE-2017-3190, may be able to obtain sensitive account information such as login credentials, the CERT/CC warned on Wednesday.

To overcome this problem, the CERT/CC recommends using Flash Seats' website version instead of its mobile app. Users who risk using the app should at least avoid using public WiFi and other untrusted networks.

"We are aware of this issue and the fix has already been implemented and is now available in the App Store, closing identified vulnerabilities related to MITM access. We have alerted CERT of the update and they have updated their notice to reflect the fix," Jusin Jimenez, a spokesman for AXS, parent company to Flash Seats, told SC Media on March 15.

Will Dormann, a vulnerability analyst at the CERT/CC, is credited with discovering the vulnerability.

US CERT has also noted that an update has been issued.

Update includes news that the company was made aware of the problem and issued an update correcting the problem.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
