Radio City Fails to Protect User Passwords, Expert Says


Shadab Siddiqui warns that Radio City (planetradiocity.com), India’s leading FM radio brand, fails to ensure that its site’s users are protected against malicious operations.

Radio City 91.1FM started broadcasting in July 2001 in Bangalore and is currently present in 20 cities in India. Ever since its launch, it has provided listeners with a great variety of music and entertainment, but as it turns out, the company failed to make sure that its site’s users are safe.

The security expert highlights the fact that the large number of vulnerabilities present on the company’s website could allow cybercriminals to cause some serious damage.

The screenshot provided by Siddiqui shows the existence of an SQL Injection security hole that affects one of the pages of the site.


In theory, SQL Injection vulnerabilities can allow a remote attacker to compromise the site’s database and gain access to all the information that’s stored in it.


While experts say that not all SQL Injection flaws can be exploited, in this case, the Indian researcher demonstrated that he was able to gain access to tens of record sets comprising information such as usernames, clear-text passwords, and email addresses.

Siddiqui contacted Radio City representatives at the beginning of April, but not only did they fail to respond, they also failed to take any action regarding the security holes.

Ever since he became part of the Vulnerability Lab team, Shadab Siddiqui has aided a lot of high-profile companies in securing their sites against malicious plots.

First, he reported some SQL Injection vulnerabilities to Apple. Around the same time, he identified similar weaknesses on a number of websites owned by Oracle.

Also, he independently reported security holes to Collabera and QuickHeal. These companies didn’t respond to his notification, but they rushed to fix the flaws that affected the sites.


softpedia.com 
