Dozens of popular iOS-applications are still vulnerable to interception of user data
By Prempal Singh
In February this year, an expert on information security Sudo Security Group Will Strafak found that some popular iOS-applications that encrypt user information, do it properly.
It was about 76 for iPhone and iPad applications that are vulnerable to attacks that can capture data. It turned out that three months later, most of the vulnerable applications, including mobile banking, and has not got rid of the security flaws.
Strafak explained that dozens of applications, including banking and medical, contain a dangerous vulnerability. Due to errors in transmission of data associated with the program code may take invalid TLS certificates. TLS protocol used to protect information transmitted over the Internet application connection. Without it, an attacker can sniff the traffic and without the knowledge of the user to intercept any data of interest to him, such as usernames and passwords.
It is logical to assume that after this discovery, developers take on the bug fix. Some of them are actually taken action, for example, HipChat and Foxit. However, most have not got rid of that vulnerability.
Most applications that store sensitive personal information, are still subject to cracking. Among them are bank clients Emirates NBD, 21st Century Insurance, Think Mutual Bank and Space Coast Credit Union.Among the vulnerabilities listed as a Web browser Dolphin, an application for diabetics Diabetes in Check, as well as a program that allows Indiana resident to participate in the vote.
“Such attacks can carry anyone, is in wireless network coverage Wi-Fi, while you use your device. The attacks are possible in public places or even at your home, if the attacker will be able to get close enough “- said Strafak.
While there is no evidence that hackers use the personal data of users, although it is unlikely to justify the omission of the developers. In total, 18 million visits were loaded according to experts, studied 76 applications. The users of vulnerable programs Strafak recommends avoiding public Wi-Fi networks, and only use the mobile Internet.