+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Warren Buffett's Berkshire Hathaway accused of exposing sensitive user data through flaws in its Android app

Jun 21, 2019, 16:42 IST

Berkshire Hathaway CEO Warren Buffett plays bridge during the Berkshire annual meeting weekend in Omaha, Nebraska May 3, 2015.Thomson Reuters

Advertisement
  • Warren Buffett's Berkshire Hathaway has been accused of exposing sensitive user data through flaws in its real estate app, Berkshire Hathaway HomeServices Home Search.
  • Mobile security firm NowSecure identified the flaws, which left information including phone numbers and email addresses vulnerable to attack.
  • Berkshire Hathaway told Business Insider that NowSecure tested an old version of the app and "critical vulnerabilities" have been fixed in the updated version.
  • NowSecure investigated 250 mobile apps and found that those run by firms including American Airlines and Sears also contained flaws that exposed user data.
  • Click here for more BI Prime stories.

Warren Buffett's Berkshire Hathaway has been accused of unwittingly exposing the personal information people using its real estate app.

Chicago-based mobile security firm NowSecure discovered vulnerabilities in the Berkshire Hathaway HomeServices Home Search app, as part of an investigation into the security of hundreds of apps on Google's Play Store.

The Home Search app has been downloaded more than 50,000 times through Play Store and allows users to browse real estate within the Berkshire Hathaway HomeServices network from across the US.

NowSecure told Business Insider that the app was found to "leak personal information in multiple ways," including failing to encrypt sensitive data. Information vulnerable to bad actors included usernames, phone numbers, email addresses, GPS locations, and Android IDs, NowSecure said.

Advertisement

It is not clear how many users had their data exposed and there is no suggestion from NowSecure that information fell into the wrong hands. It did not reveal the exact nature of the flaws because of concerns that the app could be targeted by hackers.

NowSecure said it carried out its responsible disclosure process with Berkshire Hathaway last month regarding the precise nature of the app's vulnerabilities. Although Berkshire Hathaway did not respond to NowSecure, it told Business Insider that any issues have now been resolved.

A spokeswoman said: "The mobile app that was tested was an outdated version. Any critical vulnerabilities were remediated in the current version."

Sears and American Airlines apps also accused of exposing user information

The Berkshire Hathaway app was one of 250 apps examined by NowSecure. As part of a report it is poised to publish next week, it examined the security of apps across five areas.

NowSecure said 92% of online retail apps, 82% of brick and mortar retail apps, 67% of travel apps, 48% of finance, and 69% insurance apps were found to "actively leak sensitive consumer data."

Advertisement

AP

Besides Berkshire Hathaway, other major Android apps found to contain vulnerabilities included those from American Airlines and Sears.

NowSecure said the Sears app exposed emails, usernames, and device IDs. Usernames, device IDs, and location data were vulnerable through the American Airlines app, it added.

NowSecure said it has carried out responsible disclosure with both American Airlines and Sears regarding the exact nature of the vulnerabilities. It said that while American Airlines has since repaired its app's flaws, Sears did not respond to its disclosure.

Sears declined to comment. American Airlines is yet to respond to Business Insider's request for comment.

Advertisement

NowSecure 'shocked' at the findings of its investigation into Android apps

NowSecure's CEO, Alan Snyder, told Business Insider his company was "shocked" at the findings. He added that the report's goal is to spread awareness among consumers regarding app security.

"Our message to consumers is, first and foremost, to be mindful that many of these apps are in fact leaking your information," Snyder said. "If you don't need that app - if it's not critical to you - then don't leave it on your device, because it's probably giving out some of your information."

Snyder also said developers need to do more to prevent vulnerabilities.

"What we see is that a lot of developers have moved over to mobile from other platforms. So they're just not as familiar with mobile, and they're making very repetitive, common mistakes," he said.

"Quite frankly, web and mobile are just different. Developers are making mistakes on the assumption that mobile is going to work the same as what they were used to, and that's a terrible assumption."

Advertisement

NOW WATCH: It's time for iTunes to die, even though it was key to Apple's early success

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article