Opened 12 months ago

Closed 5 weeks ago

#77 closed FalseNegative (fixed)

glassbox.aircanada.ca

Reported by: admin
Owned by:
Priority: major
Milestone: Release Candidate 1
Component: RPZ
Version: 0.1
Severity: mild
Keywords: spyware trackware malware
Cc:

Description

It has come to light that several companies are recording and storing your credit card, username and password information without your knowledge or acceptance.

These include, but are not limited to:

  • aircanada.ca
  • glassboxdigital.io

With such huge leaks we simply have to block such bastards from the root domain level and up.

The following domains will be blocked by this ticket:

  • glassboxdigital.io
  • glassboxdigital.com
  • aircanada.ca
  • hotels.com
  • aisinsurance.com
  • usaa.com
  • bex.com

You can read more on this topic at:

  1. App Analysis: Air Canada on the theappanalyst.com
  2. Big-name travel apps may secretly record your iPhone screen, including credit card info on The Verge

We have been digging into one of the scripts on usaa.com. Those fellas don't joke around:

`{window._cls_config={reportURI:"https://report.usaa.glassboxdigital.io/glassbox/reporting/FFC3F0D4 2F0C-2A18-F1B3-53935466C866/cls_report",recordMouseMoves:true,recordScrolls:true,idleEventTimeInterval:-1,maskList:["usaaNum"],interceptAjax:false,iframesAutoInject:false};}else`

Furthermore, going a bit deeper on aircanada.com reveals that they use a number of generic domains to fetch the script:
https://www.aircanada.com/content/dam/aircanada/portal/framework/glassbox/detector-dom.min.js

You can find the unaltered detector-dom.min.js script at our bitbucket.org
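
An added example, not part of the original ticket or the project's own tooling: one way to express "block from the root domain level and up" as RPZ records (apex plus wildcard) and to check which hostnames mentioned in this ticket those records cover. The `CNAME .` (NXDOMAIN) action and all function names are assumptions; the ticket does not show the project's zone format.

```python
# Added example. Assumption: NXDOMAIN policy ("CNAME .") in a standard RPZ zone.
BLOCKED = [  # domains listed in this ticket
    "glassboxdigital.io", "glassboxdigital.com", "aircanada.ca", "hotels.com",
    "aisinsurance.com", "usaa.com", "bex.com",
]

def normalize(name):
    """Lower-case a DNS name and drop surrounding whitespace and the root dot."""
    return name.strip().lower().rstrip(".")

def rpz_records(domains):
    """Return RPZ lines covering each domain's apex and every subdomain."""
    lines = []
    for d in sorted({normalize(x) for x in domains}):
        lines.append(f"{d} CNAME .")    # the apex itself
        lines.append(f"*.{d} CNAME .")  # any name below the apex
    return lines

def covering_rule(qname, domains):
    """Return the RPZ owner name that would match qname, or None if unblocked."""
    q = normalize(qname)
    zones = {normalize(x) for x in domains}
    if q in zones:
        return q
    labels = q.split(".")
    # Walk parents on label boundaries, so "notusaa.com" never matches "usaa.com".
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in zones:
            return f"*.{parent}"
    return None

if __name__ == "__main__":
    print("\n".join(rpz_records(BLOCKED)))
    # Hostnames taken from the URLs quoted in this ticket.
    for host in ("report.usaa.glassboxdigital.io", "www.aircanada.com"):
        print(host, "->", covering_rule(host, BLOCKED))
```

Run against the two hostnames quoted in the ticket, the reporting endpoint falls under `*.glassboxdigital.io`, while `www.aircanada.com`, which serves `detector-dom.min.js`, is not matched by any domain in the list.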
