Mysejahtera Exploits Allow Others To Send Out Fake Emails Otp Messages Expert


 


The MySejahtera app has been revealed to have security vulnerabilities that allow anyone to send out emails or one-time passwords (OTP) on behalf of the app, leading to concerns over personal data breaches.
The MySejahtera team has since said they have blocked the exploit that made it possible to send out OTPs on behalf of the app and is in the midst of enhancing the app’s security. They have yet to address the email exploit.
The matter was first brought to Malaysiakini’s attention by full-stack developer Phakorn Kiong, who had initially highlighted the issue in several postings online.
“In usual design, there are supposed to be ‘keys’ where the server can use to identify who is calling the server (as a form of authentication).
“The problem with this design is there are no ‘locks’ implemented. Anyone can come in and abuse the APIs (application programming interface).
“With this exploit, I can send emails on behalf of MySejahtera, as you may have received,” Kiong said to Malaysiakini.
APIs are software intermediaries that allow two applications to talk to each other.
Possible to extract personal information
Kiong had also earlier sent an email on behalf of MySejahtera to Malaysiakini to prove the vulnerabilities existed.
He said this exploit could potentially be used by “bad-faith actors” to send out emails with bad intentions from an official-sounding source.
This is because the content of the email can be altered through the exploit and in some cases, files can also be attached to the email.
Meanwhile, the OTP issue was first brought up on the popular lowyat.net forum.
Kiong said it is also possible for people to extract phone numbers and emails registered with the MySejahtera Check-In feature through the security exploit.
“Imagine the amount of exposure. Most premises in Malaysia now need to register for the MySejahtera Check-In to create the QR code,” he said.
The MySejahtera team said last night that they have been receiving complaints about people receiving unsolicited OTP messages to verify their phone number for the check-in QR registration.
The team said their investigation found that the check-in QR registration feature, which was meant for business premises, has been misused by “malicious scripts” to send OTP to random phone numbers.
“Since then, these API endpoints are blocked and a fix to enhance security will be moved tonight.
“We want to reassure all our users that no user data was accessed by these scripts but random phone numbers were spammed to verify their phone number. We apologise for this inconvenience,” the MySejahtera team said in a statement last night.
While they appear to have addressed the OTP issue, a number of people reported receiving fake emails from the MySejahtera email address this morning.

Some were told they had been confirmed positive for Covid-19 followed by an acknowledgement that this was a joke and was sent out due to an exploit in the system.

Others received emails from the MySejahtera email address that included a popular meme involving British singer Rick Astley and his song ‘Never Gonna Give You Up’.

The MySejahtera team has said it will issue an updated statement on this matter later today.

'Door wide open'
Kiong told Malaysiakini today that the issue has been partly addressed by the MySejahtera team as they have added a reCAPTCHA system to prevent scripts and bots from abusing the app.
However, Kiong said this is not an effective solution as there are cheap services that can bypass the reCAPTCHA system and it also does not stop humans from exploiting the security vulnerabilities.
“I want them to fix it once and for all. I can still send out fake emails with the reCAPTCHA system in place.
“They (MySejahtera) are supposed to implement more checks. It is like a door that is wide open and they have just closed the door a little bit. There isn’t even a padlock,” he said.
Those who are interested in a more detailed and technical explanation of the security vulnerabilities can find Kiong’s postings on the matter here and here. - Mkini


Artikel ini hanyalah simpanan cache dari url asal penulis yang berkebarangkalian sudah terlalu lama atau sudah dibuang :

http://feedproxy.google.com/~r/MalaysiansMustKnowTheTruth/~3/LuDkdnvKrhY/mysejahtera-exploits-allow-others-to.html

Kempen Promosi dan Iklan
Kami memerlukan jasa baik anda untuk menyokong kempen pengiklanan dalam website kami. Serba sedikit anda telah membantu kami untuk mengekalkan servis percuma aggregating ini kepada semua.

Anda juga boleh memberikan sumbangan anda kepada kami dengan menghubungi kami di sini
Mysejahtera Spam Emails Otp Messages Not Due To Database Leak Health Ministry

Mysejahtera Spam Emails Otp Messages Not Due To Database Leak Health Ministry

papar berkaitan - pada 21/10/2021 - jumlah : 198 hits
The Health Ministry has denied that spam emails and unsolicited one time passwords sent out from MySejahtera were due to a database leak Instead it said the incidents were due to the abuse of the application programming interfaces which are...
Daniel Craig Janji Knives Out 2 Berbeza Dari Filem Pertama

Daniel Craig Janji Knives Out 2 Berbeza Dari Filem Pertama

papar berkaitan - pada 12/10/2021 - jumlah : 249 hits
Pelakon Daniel Craig mendedahkan yang filem Knives Out 2 akan menjadi lebih lain dari yang lain berbanding filem pertama yang diterbitkan pada 2019 Daniel Craig memegang watak detektif Benoit Blanc yang mana berjaya membawa kejayaan kepada ...
Fire Breaks Out At Kek Lok Si Temple In Wee Hours Of Tuesday

Fire Breaks Out At Kek Lok Si Temple In Wee Hours Of Tuesday

papar berkaitan - pada 12/10/2021 - jumlah : 218 hits
GEORGE TOWN A part of Kek Lok Si Temple on the hill was badly damaged after a fire broke out during wee hours of Tuesday In a statement the Fire and Rescue Department said it was alerted to the fire at about 2 56am Tuesday Firemen from the ...
Burnt Out Sarikei Frontliners Wish They Get Covid 19 So They Could Sleep

Burnt Out Sarikei Frontliners Wish They Get Covid 19 So They Could Sleep

papar berkaitan - pada 10/10/2021 - jumlah : 302 hits
Frontliners at Sarikei Hospital in Sarawak are experiencing burnout due to heavy workload according to inside sources to an extent that some doctors believed they might be better off if they are down with Covid 19 The sources claimed that f...
Taxman Files To Strike Out Shafee S Counterclaim

Taxman Files To Strike Out Shafee S Counterclaim

papar berkaitan - pada 13/10/2021 - jumlah : 133 hits
The Inland Revenue Board now seeks to strike out Muhammad Shafee Abdullah s counterclaim against it linked to the former s RM9 41 million tax suit against the lawyer Acting for the government IRB contended that Shafee s counterclaim against...
Makan Shell Out Untuk 2 Pax Di Dapo See Labu Telok Panglima Garang

Makan Shell Out Untuk 2 Pax Di Dapo See Labu Telok Panglima Garang

papar berkaitan - pada 10/10/2021 - jumlah : 549 hits
Secara kebiasaannya apabila penulis ingin menikmati makanan laut yang pelbagai adalah dengan mencari hidangan steamboat dan grill Shell Out 2 Pax Dapo See LabuNamun dengan wujudnya hidangan yang dipanggil sebagai Shell Out maka kepelbagaian...
Yoursay Make Malacca Polls Safe So Rakyat Can Kick Out Betrayers

Yoursay Make Malacca Polls Safe So Rakyat Can Kick Out Betrayers

papar berkaitan - pada 9/10/2021 - jumlah : 287 hits
YOURSAY We ve come a long way in Covid knowledge since Sabah ManOnTheStreet Health Ministry director general Dr Noor Hisham Abdullah as the top technocrat in the ministry please take some proactive steps to make it a safe state election If ...
Dinner Shell Out Di Rumah

Dinner Shell Out Di Rumah

papar berkaitan - pada 14/10/2021 - jumlah : 395 hits
Dinner Shell Out Di Rumah Alhamdulillah rezeki dari makan tengahari sampai ke makan malam Mommy Ngah sponsor lauk kami Makan tengahari dia bagi ketam masak sos Habis licin Ketam memanglah favourite budak dua ketul ni CUma kadanag kadang Umm...
Resipi Shell Out Simple Memang Sedap Menjilat Jari

Resipi Shell Out Simple Memang Sedap Menjilat Jari

papar berkaitan - pada 18/10/2021 - jumlah : 507 hits
Jika anda penggemar resepi shell out ini antara yang boleh anda cuba kerana ia menjimatkan masa Malah sajian sebegini paling sesuai dimakan bersama sama ahli keluarga yang ramai Nak buat pun mudah je yang penting guna bahan segar Pasti puas...
Makan Steamboat Dapat Henna Free

15 Kafe Di Johor Bahru Instagrammble Muslim Friendly

Suspek Buruan Kes Samun Toreh Dicekup

A Botched Shot

Antara Projek Pungguk Rindu Bulan Tilapia M Sia Pro Hamas

Sarawak And Malaysia Can T Afford Escalating O G Disputes

Isu Calon Perdana Menteri Kembali Menjadi Tegang Di Kalangan Pemimpin Pn

Worldcoin Dan Ai


echo '';
Info Dan Sinopsis Drama Berepisod Lara Kasih Slot Samarinda TV3

Senarai Lagu Tugasan Konsert Minggu 2 Gegar Vaganza 2024 Musim 11

Keputusan Markah Peserta Konsert Minggu 1 Gegar Vaganza 2024 Musim 11

Senarai Lagu Tugasan Konsert Minggu 1 Gegar Vaganza 2024 Musim 11

Info Dan Sinopsis Drama Berepisod Dhia Kasyrani Slot Akasia TV3


Resepi Spaghetti Seafood Marinara

Drama Skuad X Lakonan Imran Aqil Yusof Hashim

Enjoy The Rhythm Of Life A Nature Inspired Residence In Hefei China

Hopes Of The Chinese For Pn

Mara Beli Hartanah Terlebih Nilai Di Uk Australia Meskipun Ditolak Mof

Ikut Sop Tampal Lubang Jalan Dalam Tempoh 24 Jam Kkr Seru Syarikat Konsesi