76.2 F
Washington D.C.
Wednesday, July 24, 2024

Instacart Patches SMS Spoofing Vulnerability Discovered by Tenable Research

As grocery delivery services have seen an increase in traffic from users during the coronavirus pandemic, Tenable Research identified an SMS spoofing flaw that could have allowed an attacker to send spoofed messages to any mobile number.

On May 1, Instacart, the popular grocery delivery and pickup service that saw a ten-fold boost in sales growth in March 2020, patched an SMS spoofing vulnerability that could have been exploited by attackers to send malicious links to arbitrary phone numbers by abusing a feature on Instacart’s website. This vulnerability was identified and reported to Instacart by Jimi Sebree, staff engineer with Tenable’s Zero Day Research Team.

Users who visit popular services via a web browser may be prompted to download the mobile application on their device as a more user-friendly alternative. Some websites offer users the option to send themselves a text message with a link to download the application.

On Instacart, after a user has placed an order via the company’s website, they’re directed to a page offering them the ability to “upgrade” their experience using the Instacart mobile app. Users are asked to provide their mobile number to receive a short message service (SMS) message with a link to download the mobile app.

Read more at Tenable

Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles