KIK Messenger Password Disclosure

2013-04-19T00:00:00
ID PACKETSTORM:121364
Type packetstorm
Reporter Wouter van Rooij
Modified 2013-04-19T00:00:00

Description

                                        
                                            `KIK Messenger stores password in plain text  
  
  
  
This is the conclusion of Mobile Security Company, a Dutch organisation  
specialized in security audits of mobile applications.   
  
  
  
The username and password are stored in the com.kik.chat.plist file.   
  
This file can be viewed on a jailbroken device or when having access to the  
iTunes backup.   
  
  
  
Wouter van Rooij, iOS security expert at Mobile Security Company states that  
storing passwords in plain text in a .plist file is by far the most unsafe  
option to handle passwords.   
  
  
  
Of course Mobile Security Company tried to report the issue to KIK  
interactive, the organization behind KIK messenger.  
  
Van Rooij is very surprised that KIK interactive didn't respond. It is in  
the interest of all 50 million KIK messenger users that this issue will be  
solved.   
  
  
  
`