As football fever sweeps across Europe due to the 2016 UEFA European Championship, the SmartWire Labs Team at Wandera has been analyzing the mobile data traffic patterns across our network of enterprise customers in the European countries that make up this year’s tournament. By investigating the billions of daily data inputs that are scanned by our Secure Mobile Gateway, we’ve made some startling discoveries about data security and mobile phone usage in the lead up to and during the tournament (Research period 25 May to 24 June 2016).
MALICIOUS WEBSITES AND DATA LEAKS
With the tournament in full swing, users are becoming more active on their mobile devices, by exploring new content and being exposed to an increasing number of online ads. As a result of this spike in activity, SmartWire Labs discovered an increase in the number of malicious websites being accessed by smartphones. Worryingly, it seems that the host country has been actively targeted by hackers with 72% of malicious websites and 41% of exposed passwords being detected on smartphones in France.
During our research period, the number of data leaks observed by our research team increased. We predict this number will continue to rise as the tournament goes on as a result of more people travelling across Europe and using unfamiliar apps and websites to access match information. Our research suggests that data leaks will peak in late June towards the end of Euro 2016 before going back to normal levels in late July.
UEFA APP FOR FANS IS LEAKING DATA
One of the most startling discoveries by our researchers relates to the ‘UEFA EURO 2016 Fan Guide’ App. It’s one of the official UEFA mobile applications for Euro 2016, designed to provide practical tourist information for fans that are travelling to France for the tournament.
We have discovered that user credentials (including username, password, address and phone number) submitted to the online UEFA store website, are being transferred by both the iOS and Android versions of the app, over an insecure connection. The app itself has over 100,000 downloads on the google play store alone, and a very high rating. The implications of this are huge with potentially thousands of people having their personally identifiable information exposed and possibly stolen.
Overall, the increased data usage during the beginning of Euro 2016 will come as no surprise to anyone. The risks associated with this increase in traffic however have huge implications. With more people traveling across Europe, using unfamiliar websites and apps, as well as the shocking discovery that the official UEFA app is leaking data could all lead to serious security breaches with thousands of fans’ data being put at risk.
Since SmartWire Labs exposed the treat UEFA have acknowledged the problem and fixed the issue. A UEFA spokesperson confirmed:
It is correct that there is an issue with the fan app, concerning a third party component in the myfanzone section, where the contact details of around 4,000 users (name, email and phone number) were not fully protected.
Within a few days UEFA made the following statement:
All security vulnerabilities have been solved. Data exchange between the mobile App and the server are now encrypted.