Two Greek researchers Dimitris Chatzidimitris and Anastasis Vassiliadis managed to find a security hole in Android application of Athens International Airport,
which allowed them to download and bypass the application's Anti-VM and Anti-Debug security, resulting in the detection of a Secret Key in the source code.
"After that we did not proceed further with a possible access to the particular service that used the Secret Key, since we had already confirmed the weakness in the security of the Android application."
Here are the details of the application where the security gap was detected:
Platform:Android
App Name: ATH Airport
Package Name: gr.aia.athairport
File Name: ATH Airport_2.7.1_apkcombo.com.apk
Main Activity: gr.aia.athairport.AIASplashActivity
Size: 9.02MB
Target SDK: 28
Min SDK: 19
Android Version Name: 2.7.1
Android Version Code: 99
SHA256: 8b5d9374f2dc1e8e86ba21dbc8aba1b8b4091b982796eb68b027bba78b6a4063
The information they remain available to those directly interested, from the researchers themselves but also from iguru.gr.
Information about vulnerabilities discovered in organizations is considered extremely necessary (especially when they exist in websites with high traffic and contain sensitive user data), and for us at iGuRu.gr they are an immediate priority.
We hope that in this way we contribute to one more safe Internet.
