SplashID Safe: Serious security flaw

Discussion in 'iOS Apps' started by luckycharms, May 23, 2012.

  1. luckycharms macrumors member

    Joined:
    Nov 25, 2010
    #1
    Hi Folks,

    I'm dissemenating the news here, because when I try to post on the SplashData forums, the moderators censor my post.

    SplashID Safe for iOS has a serious security flaw, as uncovered by the elcomsoft team: http://www.elcomsoft.com/WP/BH-EU-2012-WP.pdf

    from the whitepaper:
    I am posting this not to encourage hacking (I *use* SplashID!), but rather to force the hand of the otherwise unresponsive SplashData development team.
     
  2. iosfan macrumors newbie

    Joined:
    May 23, 2012
    #2
    Old news: that flaw in the iPhone version was fixed in release 6.1

    SplashData actually did respond to that with a new version of SplashID Safe, and pretty quickly: it was fixed in release 6.1 for iPhone and iPad. Update is free for all reg'd users on desktop and iOS.
     
  3. luckycharms thread starter macrumors member

    Joined:
    Nov 25, 2010
    #3
    I just heard back from SplashData, and you're right - they did fix it. I have no idea why they would then censor my questions on their forum, but they did, and that's unfortunate.

    I corresponded with one of the authors of the whitepaper exposing the flaw, and here's what he had to say:
     
  4. splashdata macrumors newbie

    Joined:
    May 11, 2011
    #4
    Hi luckycharms,

    As far as I know, we have not knowingly censored your posts on our forum. We do have very strict forum anti-spam rules due to an infestation earlier this year, and you may have gotten mistakenly caught in the net. If you let me know your username, I can see about approving your threads.

    As for the security issue discovered by Elcomsoft, it was fixed in 6.1, and we have been in communication with them since the release of 6.1 to further improve the security of SplashID in future updates. Version 6.2 is coming soon to address additional more minor concerns.

    Please let me know if you have any other questions.

    -Justin
    SplashData
     
  5. luckycharms thread starter macrumors member

    Joined:
    Nov 25, 2010
    #5
    thanks for the reply, justin, and glad to hear you remain in contact with the researchers. Now that the question has been answered, I'm not concerned with the content of the posts. When I posted the messages, it said they were waiting for moderator approval before being allowed through. Not sure why they never showed up on the forum, but might be nice to make sure people are able to post there without getting dumped in spam or otherwise.
     
  6. GanseTan macrumors newbie

    Joined:
    Oct 3, 2015
    #6
    Speaking of flaws, does anyone know of a flaw in SplashID Safe (Mac 10.9.5 desktop version) which allows a hack or virus to deny you access to the software? Or is this a major bug? My SplashID Safe worked for a month until last week, when a popup window asks me to go PRO subscription, and whatever I do (close it, sign up for a year, sign up for a month) it reappears if I try to access any navigation button on the software (see my data, change settings...) thereby denying my access to my data, passwords, web and bank logins. Technical support has not been able to fix this yet (11 days now) and say I will have to delete my data and reinstall. Is this a bug, a hack, a virus?
     

Share This Page