Arena, IT Security: hard-coded backdoor in the application

1
1

Dear Support Team,

We are planning to use Open Foris Arena Mobile on Android in our environment. As we work in an administrative network, we are obliged to have the app tested and approved by the responsible CISO.

Now the test report has come back with the feedback that the app is not approved. We can safely ignore many of the comments. However, when reviewing the audit report in the OWASP summary (pages 5 and 6), we noticed points M6 and M9. These state that there is a hard-coded backdoor in the application that allows a user to gain full access to the smartphone. Understandably, this is not allowed for IT security reasons.

Are you aware of this backdoor? What can we do to close this vulnerability?

I would love to hear from you. You can download the report here: https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd.

Best regards, Markus Klein

asked 20 Mar, 14:29

mklein's gravatar image

mklein
311
accept rate: 0%

2 Answers:
active answersoldest answersnewest answerspopular answers
0

Dear Markus,
We will contact you to your private email address to better understand this issue and to get access to the report (the link doesn't work).
Many thanks,
Open Foris Team

permanent link

answered 20 Mar, 15:26

Stefano%20%28OF%29's gravatar image

Stefano (OF) ♦♦
4.7k19
accept rate: 20%

0

Sorry, here is the correct link... https://ldi-safe.rlp.de/index.php/s/ocJRCn6kNBXfXfd

permanent link

answered 20 Mar, 15:38

mklein's gravatar image

mklein
311
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×27

question asked: 20 Mar, 14:29

question was seen: 241 times

last updated: 20 Mar, 15:38

Related questions

OF Arena Mobile: Sequence of attributes, update/replace updated records

OF Arena: Boundary points to polygons as in Collect

OF Arena AND Collect Mobile: 'read only' attributes not 'selectable'

remove data row instead of deletion for data editors.

Open Foris arena and Arena mobile (official and unofficial)

Navigation Based on input Coordinate

Works with arena desktop but not with arena mobile

Arena mobile (official and unofficial)

OpenForis Arena Mobile - v1.0.18 - Release

OF Arena Mobile: Images are uploaded to the cloud but cannot be opened