Euro 2016: Official App Exposes Personal Data

The influx of fans to France for Euro 2016 may represent a significant security risk for enterprises

The official mobile application for Euro 2016 is exposing users’ personal data to attackers, according to computer security experts, who found that the football tournament has led to a rise in security issues for fans.

The findings reflect the increasingly complex threat posed by the spread of mobile devices, which are often used for both work and personal purposes.

Official fan guide

The official UEFA Euro 2016 Fan Guide App, which has seen more than 100,000 downloads, transmits users’ personal data across an insecure connection, potentially exposing it to view by malicious users, according to computer security firm Wandera.

The app exposes data including usernames, passwords, addresses and phone numbers, said Wandera, which based its findings upon data traffic pattern analysis from enterprise mobile devices between 25 May and 24 June.

The findings are the same for both Apple iOS and Google Android versions of the software, Wandera said.

“The app… could therefore provide an access point for hackers to access, and potentially steal, valuable user data,” the company said in an advisory.

UEFA did not immediately respond to a request for comment.

Exposure

The proportion of enterprise devices in France exposed to malicious websites, and the proportion with passwords exposed to insecure connections, rose to 72 percent and 41 percent of the total, respectively, during the period in question as users concentrated in the area, according to Wandera.

The rise in exposure to malicious sites is likely to be due to an increase of visitors to the country viewing mobile adverts, according to Wandera chief executive Eldar Tuvey.

“Football fans are travelling across Europe, accessing apps and websites that are unfamiliar to them to access the up-to-date information they crave,” he said in a statement. “Even so-called ‘trusted sources’ carry risk and vulnerability – something that enterprises must be equipped to deal with.”

Traffic related to online advertising almost doubled during the period, peaking in Portugal, Ireland, Turkey and Spain, Wandera said.

News and sport website traffic rose by 38 percent during the period, while the use of social networks surged by 67 percent. Online betting traffic, however, remained constant.

The firm found a significant concentration of phishing incidents in Russia since the beginning of the tournament, at 73 percent of the total, something that didn’t appear to be directly related to Euro 2016.

Major events are often seized upon by phishers to craft emails that appear to relate to the event. Such emails often direct users to a malicious website that tries to collect sensitive information such as online banking login details.

Earlier this month several mobile networks reported that live video streams of the England v Wales match caused a huge spike in network traffic.
