Hackers can inject malicious code to siphon credit card details of customers on OnePlus’ on-site payment page before such card details are encrypted.
Credit card users are often asked to ensure that they are punching in their card details on genuine websites of sellers so that their card details are not accessed by hackers or used by them to carry out unauthorised purchases. However, how will customers protect their data if a genuine website starts featuring glaring security loopholes?
Researchers at security firm Fidus recently revealed how OnePlus’ checkout page that accepts payments from visitors featured security vulnerabilities due to PCI non-compliance as well as for not using iFrame by third-party payment processors. These vulnerabilities could enable hackers to intercept financial details of customers before they could be encrypted.
Read more here.