Popular iPhone Apps May Lead To Data Breach
Apple’s tight control over its products, combined with its strict App Store policies, might annoy some consumers, but in the end these are solid reasons why Mac and iOS hardware have been less of a target for hackers. The platform has long been seen as a “safer” product than Android, and that perception is largely due to the abundance of third-party apps, and even app stores, on Android that sell some pretty shady content. Basically, unless you were a high-profile target and the people coming at you had the backing of a foreign government, your iPhone was probably secure.
A new report from security expert Will Strafach may change that perception, flipping it into more of a misconception. Strafach’s early release of key findings already shows that more than seventy popular apps available through the official App Store have “low-risk” security flaws that still leave the door wide open for hacking.
According to a breakdown of the problem by HotForSecurity.com, these apps “failed to make use of the Transport Layer Security (TLS) protocol, and allowed a malicious attacker to silently perform a man-in-the-middle (MiTM) attack, stealing or manipulating data as it is sent and received from the mobile device.”
Strafach says the problem isn’t one that can easily be fixed, as the solution would cripple a lot of other apps in terms of security: “There is no possible fix to be made on Apple’s side, because if they were to override this functionality in attempt to block this security issue, it would actually make some iOS applications less secure as they would not be able to utilize certificate pinning for their connections… Therefore, the onus rests solely on app developers themselves to ensure their apps are not vulnerable.”
The complete list of 76 low-risk apps – which combined have been downloaded more than 18 million times – can be found here, but Strafach will be releasing the medium and high-risk app list at a later time. Why sit on this information? He needs to continue contacting developers, banks, and other key institutions before sharing the news with the public, since releasing it sooner would risk a greater incidence of hacking. In the meantime, HotForSecurity recommends the following preventive measure: “If you’re concerned, one thing to remember is that your chances of having data intercepted are greatly reduced if you use a cellular connection (which requires a hacker to deploy specialist expensive hardware) rather than Wi-Fi.”