Kodai Karakawa

**Name of the Vulnerable Software and Affected Versions** TONE store App versions 3.4.2 and earlier **Description** The issue is related to an unprotected primary channel in the TONE store App, which communicates with the TONE store website in cleartext. This could allow a man-in-the-middle attack, enabling an attacker to obtain and/or alter communications of the affected App. **Recommendations** For versions 3.4.2 and earlier, consider disabling communication with the TONE store website until a secure connection method is implemented to prevent man-in-the-middle attacks. Restrict access to sensitive data within the App to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.