Mumbai, December 9, 2024 –A Tinxy app flaw exposes users’ sensitive data due to plaintext storage vulnerabilities. CERT-In urges immediate updates to protect against potential misuse.
A major vulnerability in the popular Tinxy IoT mobile application has left users’ sensitive data, including usernames, email addresses, and phone numbers, exposed to potential hackers.
The flaw, confirmed by the Indian Computer Emergency Response Team (CERT-In), has sparked widespread concern among cybersecurity experts and users alike.
The vulnerability, identified as CVE-2024-12094, affects all Tinxy app versions prior to 663000. It stems from the storage of sensitive user data in plaintext on devices, making it easy for attackers with physical access to exploit.
cybersecurity expert Shravan Singh, who initially reported the issue said:
This breach highlights a lack of encryption standards that should have been mandatory for such applications.
CERT-In’s advisory noted that the flaw is particularly dangerous on rooted or jailbroken devices, where attackers can navigate the file system and retrieve unprotected data. Although the breach requires physical access, the risks of data misuse, including phishing and impersonation attacks, are significant.
Users must act immediately by updating their apps and avoiding practices like jailbreaking.
Tinxy has since released a patched version, urging all users to upgrade to mitigate the vulnerability.
This breach underscores the critical importance of strong encryption and secure data storage in IoT applications.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life!
