Bishop Fox Uncovers Security Flaws in Mass Transit Mobile Apps

Posted on Aug 6, 2019 2:12:34 PM

Bishop Fox has uncovered an alarming number of security flaws in most major cities’ mass transit apps. Specifically, Senior Security Engineer Priyank Nigam found significant vulnerabilities in the mobile apps for Amtrak and Greyhound Lines, Inc. He presented his research, “Reverse Engineering Mobile Apps: Never Pay for Transit Again,” at the 2019 BSides Las Vegas conference.

Successful exploitation of mobile mass transit apps can range from the relatively harmless “stealing” (or forging) of e-tickets to the critical exposure of customer PII information and account takeovers. Mobile apps are often synonymous with thick clients – meaning they run locally and cannot trust their runtime, and come with the same vulnerabilities as their ancestors.

Read the full press release here. As well, you can check out Priyank Nigam's research at our advisories page.


Topics:Press Releases


Submit a Media Request

Please get in touch with our PR Team for any press or PR related inquiries.



Subscribe to Updates