A security flaw could be leaving your favorite iOS apps open to attacks by the bad guys, says a post by the Sudo Security Group.
Sudo Security Group CEO Will Strafach says that 76 popular iOS apps accounting for around 18 million downloads are vulnerable due to a misconfiguration. The apps in questions can accept an invalid Transport Layer Security (TLS) certificate, allowing hackers to collect any data an app sends, including your login information.
This sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use. This can be anywhere in public, or even within your home if an attacker can get within close range.
Strafach says 43 of the 76 apps in question have a medium or high risk of vulnerability, including apps from “banks, medical providers, and other developers of sensitive applications.”
Strafach won’t publicly identify the medium or high-risk apps affected, as he’s reached out to the app’s developers to help them fix the issue. He says he’ll update the public on the situation in 60 to 90 days. He has listed the apps with low-risk vulnerabilities in his post.
How Can You Protect Yourself from the Security Flaw?
Until the apps are fixed, or at least until we know which apps are affected, Strafach recommends using a cellular connection instead of a public Wi-Fi hotspot connection when checking your bank account information, paying bills, and such. A cellular connection is more secure than an open public Wi-Fi hotspot. (At the very least, we suggest you use a VPN for such activities over a public hotspot.)
We’ll report more on the situation as Strafach makes the information available, so stay tuned. For more information on the apps, and their vulnerabilities read the Strafach post.
