
Apple users warned iOS apps vulnerable to hacking


Apple users have been warned that a number of popular iOS apps are vulnerable to being hacked.

Sudo Security Group CEO Will Strafach has revealed 76 Apple Store apps, including Snapchat, are failing to encrypt private information correctly.

Mr Strafach confirmed on Tuesday that iPhones with these particular applications are exposed to “silent interception” of protected data, as misconfigured code allows an invalid Transport Layer Security (TLS) certificate to be accepted.


TLS is used to secure an app’s communication over an internet connection, but faulty binary code opens users up to a considerable security risk.

He explained it as a “man-in-the-middle attack”, where a hacker can eavesdrop over a network and spy on the data the app sends – such as login information.

And all that’s needed is a Wi-Fi connection to intercept your data.

“The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use,” Mr Strafach wrote.

“This can be anywhere in public, or even within your home if an attacker can get within close range.”

Which applications are at the greatest risk?

Mr Strafach said 43 of the apps carried a high or medium risk, with authentication and login information exposed.

These apps included “banks, medical providers, and other developers of sensitive applications”; however, he would not disclose their names, to give developers time to fix the problem.

The remaining 33 apps were deemed low risks because they revealed only partially sensitive data, such as email addresses. This includes Snapchat, messaging service ooVoo, VICE news, and a number of lesser-known streaming services.

According to app market tracker Apptopia, apps affected by the vulnerability have been downloaded from the Apple store more than 18 million times.

The apps’ weaknesses were discovered when scanned through security service verify.ly, which flagged “hundreds of applications” with a high likelihood of data interception.

Mr Strafach tested the apps by running them on an iPhone running iOS 10, with a proxy inserting an invalid TLS certificate into the connection.

How to protect yourself


According to the research, the vulnerability is very likely to only be exploited if your connection is flowing over Wi-Fi.

Therefore, the best protection users of affected apps have is to turn off Wi-Fi when in a public location, and use a cellular connection.

“While on a cellular connection the vulnerability does still exist, cellular interception is more difficult, requires expensive hardware, is far more noticeable,” Mr Strafach said.

However, for the most part, the only way to reduce the likelihood of attacks is for developers to patch the problem by changing a few lines of code.

Mr Strafach provided a warning for developers.

“Be extremely careful when inserting network-related code and changing application behaviours,” he said.

“Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web.”
