Students Assess Network Security of Over 20 Companies
Do you ever wonder how secure your Venmo app is? Or whether your information is at risk each time you use Uber?
Nearly 100 students enrolled in the course this past semester and assessed a variety of companies, including eBay, Pinterest, Reddit, AT&T, and Groupon, to provide comprehensive evaluations of their online security protocols.
Shahrez Jan, Austin Small, Scarleth Estevez, and Mike Winters chose to evaluate Uber. While providing a note of caution regarding the company’s hiring practices, students asserted that the mobile app and website are using standard and sufficient security measures to protect user and driver information. Additionally, in reviving the company’s privacy policies, the students felt confident that Uber continues to place the privacy of community members at the forefront of their business practices.
Benny Guan, Jeraldine Guerrero, Hanson Duan, and Ines Kim reviewed Venmo, the popular payment sharing app. The team verified that users’ information and funds are secure within the network system. However, they identified potential issues with functionality and transaction guarantees due to the multi-day lag between Venmo’s initial request to a user’s bank and when hard funds are deposited into the user’s Venmo account. The team also realized that it’s relatively easy for bad actors to impersonate users by identifying their friend circles, which are public, and potentially charging other users fraudulently.
Some students even found vulnerabilities in the sites they audited. Following the standard “responsible disclosure” guidelines for researchers who uncover software vulnerabilities, students worked with Professor Goldberg to reach out to affected companies and alert them to potential security risks.