Two Greek researchers Dimitris Chatzidimitris and Anastasis Vassiliadis managed to identify a security gap in the Android application of the Athens International Airport,
which allowed them to download and bypass the application's Anti-VM and Anti-Debug security, resulting in the detection of a Secret Key in the source code.
"After that we did not proceed further with a possible access to the particular service that used the Secret Key, since we had already confirmed the weakness in the security of the Android application."
Here are the details of the application where the security gap was detected:
App Name: ATH Airport
Package Name: gr.aia.athairport
File Name: ATH Airport_2.7.1_apkcombo.com.apk
Main Activity: gr.aia.athairport.AIASplashActivity
Target SDK: 28
Min SDK: 19
Android Version Name: 2.7.1
Android Version Code: 99
The information remains available to those directly interested, from the researchers themselves but also from iguru.gr.
Information about vulnerabilities discovered in organizations is considered extremely necessary (especially when they exist in websites with high traffic and contain sensitive user data), and for us at iGuRu.gr they are an immediate priority.
We hope that in this way we contribute to a safer internet.