| Recurring |
multiple_organization |
(a) The software failure incident related to unencrypted data leakage has happened again at multiple organizations. The University of New Haven researchers found similar privacy problems in various Android apps such as Instagram, Vine, Nimbuzz, OoVoo, Voxer, Tango, MessageMe, TextMe, Grindr, HeyWire, Hike, MyChat, WeChat, GroupMe, Whisper, Line, and Zynga's Words with Friends [30320]. These apps were found to store sensitive data in unencrypted form on publicly accessible servers, send passwords in plaintext, and store chat logs in plaintext on the device, compromising user privacy and security. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where University of New Haven researchers found a host of Android apps leaking unencrypted data over the network and storing files on publicly accessible servers. The issues identified included storing images and videos in unencrypted form on websites, storing chat logs in plaintext on the device, sending passwords in plaintext, and storing screenshots of app usage that the user didn't take [30320].
(b) The software failure incident related to the operation phase can be observed in the same article where the researchers found that several apps were sending text, images, location maps, music, and video unencrypted over the network. Additionally, chat logs were stored unencrypted on the device for various apps. This indicates a failure in the operation or misuse of the system leading to data leakage and privacy concerns [30320]. |
| Boundary (Internal/External) |
within_system, outside_system |
The software failure incident reported in the articles can be categorized as both within_system and outside_system:
(a) within_system: The failure is within the system as the Android apps themselves were found to have various data-leakage problems such as storing images and videos in unencrypted form on websites, storing chat logs in plaintext on the device, sending passwords in plaintext, and storing screenshots of app usage that the user didn't take [30320].
(b) outside_system: The failure is also influenced by factors outside the system, such as the lack of encryption and security measures in the network communications and servers where the data was being stored. This external factor contributed to the leakage of sensitive information from the apps to publicly accessible servers [30320]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in this case was primarily due to non-human actions such as the lack of encryption in various Android apps like Instagram, Vine, Nimbuzz, OoVoo, and others. The apps were found to leak unencrypted data over the network, store files on publicly accessible servers, and have various privacy issues like storing images and videos in unencrypted form, sending passwords in plaintext, and storing chat logs in plaintext on the device [30320].
(b) The software failure incident occurring due to human actions:
The failure can also be attributed to human actions, particularly the lack of proper security measures and encryption implementation by the developers of the Android apps. The researchers highlighted that security was an afterthought in these apps, indicating a lack of proactive measures taken by the developers to ensure user data privacy and security [30320]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
The article does not mention any specific software failure incident occurring due to contributing factors originating in hardware. Therefore, there is no information available regarding a hardware-related software failure incident in the provided article.
(b) The software failure incident occurring due to software:
The software failure incident mentioned in the article is primarily due to contributing factors originating in software. The University of New Haven researchers discovered data-leakage problems in various Android apps like Instagram, Vine, Nimbuzz, OoVoo, Voxer, and others. These problems included storing data in unencrypted form, sending passwords in plaintext, storing chat logs in plaintext on the device, and other privacy issues related to the software design and implementation [30320]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident reported in Article 30320 is non-malicious. The failure was due to contributing factors introduced without the intent to harm the system. The University of New Haven researchers discovered a host of data-leakage problems in various Android apps, including storing data in unencrypted form on public servers, sending passwords in plaintext, and storing chat logs in plaintext on the device. The incident was a result of poor security practices and lack of encryption in the apps, rather than a deliberate attempt to harm the system [30320]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident reported in the articles is primarily related to poor decisions made by the developers and companies behind the Android apps. The researchers from the University of New Haven uncovered a host of data-leakage problems in various popular apps like Instagram, Vine, Nimbuzz, OoVoo, Voxer, and others. These problems included storing images and videos in unencrypted form on public servers, storing chat logs in plaintext on devices, sending passwords in plaintext, and other privacy issues.
The researchers highlighted that security was treated as an afterthought by these companies, indicating poor decision-making in prioritizing user data protection and privacy. The apps were found to be sending sensitive information unencrypted over the network, storing passwords in plaintext, and leaving videos and chat logs exposed on servers. These poor decisions regarding data security and encryption led to a significant software failure incident that compromised the privacy and security of millions of users [30320]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the findings of the University of New Haven researchers regarding various Android apps leaking unencrypted data over the network. The researchers highlighted issues such as storing images and videos in unencrypted form on public servers, storing chat logs in plaintext on devices, sending passwords in plaintext, and storing screenshots of app usage without user consent [30320].
(b) The software failure incident related to accidental factors is demonstrated by the lack of encryption and secure data handling practices in popular Android apps like Instagram, Vine, Nimbuzz, OoVoo, and others. The researchers discovered that sensitive data like text, images, location maps, music, and video were being sent unencrypted over the network, leading to potential privacy breaches for the estimated 968 million users of these apps [30320]. |
| Duration |
temporary |
The software failure incident reported in Article 30320 can be categorized as a temporary failure. The incident involved various Android apps leaking unencrypted data over the network, storing files on publicly accessible servers, and having privacy issues with plaintext storage of sensitive information. The researchers from the University of New Haven identified these vulnerabilities and highlighted them in their findings. Companies mentioned in the article, such as Instagram and Kik, responded by taking steps to address the security concerns raised. This indicates that the failure was temporary and could potentially be mitigated by implementing encryption and other security measures [30320]. |
| Behaviour |
omission, value, other |
(a) crash: The articles do not mention any specific software crashes where the system loses state and fails to perform its intended functions.
(b) omission: The software failure incident related to omission is evident in the behavior of the Android apps mentioned in the article. For example, storing images and videos in unencrypted form on websites, storing chat logs in plaintext on the device, sending passwords in plaintext, and storing screenshots of app usage that the user didn't take are instances of the system omitting to perform its intended functions correctly [30320].
(c) timing: There is no indication in the articles that the software failure incident was related to timing issues where the system performed its intended functions but at incorrect times.
(d) value: The software failure incident related to value is observed in the system performing its intended functions incorrectly. This is evident in the apps sending text, images, location maps, music, and video unencrypted over the network, as well as storing chat logs unencrypted on the device [30320].
(e) byzantine: The articles do not mention any behavior of the software failure incident that aligns with a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior observed in the software failure incident is the lack of proper security measures and encryption in the apps, leading to significant privacy and data leakage issues. This behavior can be categorized as a failure due to inadequate security measures and data protection protocols [30320]. |