76 iOS apps are vulnerable to attacks, user data can be easily stolen: Report

A cybersecurity firm recently discovered a number of vulnerabilities in 76 iOS apps that could leave user information open to interception.

Researchers at Sudo Security Group discovered that the way these 76 apps handle encrypted communications is flawed. As Ars Technica reports, the flaw enables a hacker to mount a ‘man-in-the-middle’ attack that can intercept and read user data. It’s being categorised as a weakness in the Transport Layer Security (TLS) protocol being used.

Sudo has been developing a service that runs bulk analysis of iOS apps.

In a post on Medium, Will Strafach, President of Sudo, mentioned that of these 76 apps, 33 proved to be low-risk. 24 of the apps revealed critical login information, session cookies, etc., and these app vulnerabilities were classified as critical. Strafach adds that these apps were downloaded over 18 million times. Low-risk vulnerabilities only revealed data such as device information, device analytics, email IDs, etc.

Keeping the security of user data in mind, Strafach reports that his company wouldn’t be revealing the names of the affected apps, the ‘critical’ ones anyway. These names will be revealed in 60-90 days, he adds, assuming that all goes to plan.

It’s normally Android apps that prove to be so critically vulnerable, as Apple’s verification process is normally more stringent. Apple has reportedly been insisting that its developers use ATS (App Transport Security), which is far more secure and uses encryption.

Strafach, however, claims that ATS is of no use in this situation and that data will still be stolen.

The only solutions Strafach offers involve vigilance on the consumer’s part and better analysis techniques for app developers and companies. He points out that “sensitive” operations, such as logging into your bank, are best done on cellular data with your Wi-Fi turned off.
