76 iOS Apps Can Violate Your Privacy Says Sudo Security
Sudo Security is a mobile security platform with an exclusive focus on iOS. By analyzing and processing large volumes of data transferred over the Web, the company’s analysts can report security breaches, risks and issues. Sadly, iOS users aren’t immune to hackers’ attacks.
Sudo Security President, Will Strafach, revealed in his Medium post that there were 76 iOS apps exposed to a silent man-in-the-middle attack. The attack could be launched on connections that should have TLS protection, but where that protection is either lacking or undermined by a hole in the app’s code. In other words, hackers would be able to intercept data being sent through these particular apps.
Mr. Strafach was reserved about the apps’ exact names, though. It is known, however, that the apps were downloaded more than 18 million times from the official store. Sudo Security divided the affected apps into three groups, according to the amount and character of the data that could be intercepted by culprits.
33 of the apps are considered low risk, since they gave away partially sensitive analytics data regarding the user’s devices, partially sensitive personal data of the user, and log-in credentials that can only be used within a non-hostile network.
24 apps are considered medium risk, because they leaked not only log-in credentials but also session authentication tokens, and allowed impostors to act within these apps.
19 apps are considered high risk, as they deal with medical and financial services and the leaked log-in credentials and session authentication tokens can be a threat in an impostor’s hands. Obviously, all the blame cannot be put down to Apple, as the company has always urged developers to implement stricter security measures on iOS apps.
The App Transport Security feature of Apple’s iOS, as Mr. Strafach claimed, will not be able to address the vulnerability. This feature validates the certificates, but not the people who use them. The system has no means to tell a good user from a criminal. That’s why the developers should be very cautious about using network-related code in their apps.
Now, I think it’s not nice of Sudo to keep the apps’ titles quiet. I’m sure many people would like to know exactly which apps are risky. Instead, we’re just warned to avoid using private apps while connected to a public Wi-Fi. But that kills half the fun of having a mobile device, I would say. And what irritates me most of all is that all these apps were downloaded from the store. Apple should revise its policy regarding the app entry standards in order to prevent this from happening in the first place.
Meanwhile, what can we do? The man-in-the-middle attack means that a hacker is between you and a server you send your data to, like PayPal or your hospital’s server. The wireless card in your iPhone releases the packets of data into the air. There is software that allows a hacker to ‘sniff’ these packets and re-route them to a malware site. If you’re inattentive, you’ll enter your login and password, because you’ll be thinking that you’re visiting the original website.
What can you do? Please, remember that good websites have SSL certificates and a letter ‘s’ added to the ‘http’. S stands for Secure. The safe URL must look like https://sitename. There’s also a small pictogram of a lock next to the URL. Always remember to check if the lock is there.
When outdoors, it’s also a good idea to double check if the hotspot you’re using is a real one. Consult the hotspots map. A false hotspot makes stealing your data a piece of cake for anyone who is out there looking for a victim.
If you’re an advanced user, a VPN (Virtual Private Network) might be an answer. It encrypts your data and re-routes it to a proxy server. There’s a batch of free VPNs on the Web, but they’re mostly slow. The quicker VPNs charge a fee, but fortunately, the rates aren’t too high. As they say, better safe than sorry. Happy surfing!