Texas Poker (Texas Hold’em) – Poker Fans Gambling with App Credentials
iOS users should be very aware of how iOS apps handle their authentication credentials. The potential for both financial and personal data loss is high.
To this end, Bitdefender is starting a series of short stories looking at the behavior of various iOS apps, using data from Clueful – the Bitdefender web app that tells you how your iOS apps are behaving.
Texas Poker (Texas Hold’em) broadcasts usernames and passwords in plaintext or MD5-encrypted, according to analysis by Bitdefender Labs. Recent data leaks condemned large corporations for storing passwords and usernames either in plaintext or with poor encryption, while some iOS apps have been broadcasting credentials like this for a while.
Although sending usernames and passwords with MD5 encryption is relatively secure, plenty of online automated tools with millions of cracked hashes can “guess” your credentials. Hashes for common usernames and passwords can easily be matched, thus the risk of having your credentials stolen is still high.
When authenticating into your Texas Poker (Texas Hold’em) account over a secured or unsecured Wi-Fi network, the risk of someone with minimum hacking experience intercepting your credentials is high. Considering gamblers can purchase in-game virtual chips with real money, it would be extremely unfortunate if someone were to spy while you sign in to your account.
At the very least, if an attacker were to hijack your profile, he could gamble the chips you bought and set you back a hefty amount. Credit purchases range from 1.59 euros to 23.99 euros, although an avid gambler would probably purchase more than that, deepening the loss.
Using encrypted authentication credentials should be a minimum security standard for protecting user data. Since iOS developers have only a set of best practices instead of clear “don’ts,” a lot of App Store applications lack credential encryption.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on the technical information provided courtesy of Bitdefender Labs.