76 iOS Apps Can Violate Your Privacy, Says Sudo Security
Sudo Security is a mobile security platform with an exclusive focus on iOS. By analyzing and processing large volumes of data transferred over the Web, the company’s analysts can report security breaches, risks and issues. Sadly, iOS users aren’t immune to hackers’ attacks either.
Sudo Security President Will Strafach revealed in his Medium post that 76 iOS apps were exposed to a silent man-in-the-middle attack. The attack can be launched against connections that should be protected by TLS. In other words, hackers would be able to intercept data sent by these apps.
Mr. Strafach was taciturn about the apps’ exact names, though. It’s known that all of them were downloaded more than 18 million times from the official store. Sudo Security divided the affected apps into three groups according to the amount and nature of the data that could be intercepted by attackers.
33 of the apps are considered low risk, as they gave away partially sensitive analytics data about the user’s devices, partially sensitive personal data of the user, and log-in credentials that can only be used within a non-hostile network.
24 apps are considered medium risk, as they leaked not only log-in credentials but also session authentication tokens, and allowed impostors to act within these apps.
19 apps are considered high risk, as they deal with medical and financial services, and the leaked log-in credentials and session authentication tokens can be a threat in an impostor’s hands. Obviously, not all the blame can be put on Apple, as the company has always urged developers to implement stricter security measures in iOS apps.
The App Transport Security feature of Apple’s iOS, as Mr. Strafach claimed, will not be able to address the vulnerability. This feature validates certificates, not the people who use them. The system has no means to tell a good user from a criminal. That’s why developers should be very cautious about the network-related code they use in their apps.
Now, I think it’s not nice of Sudo to keep the apps’ titles to themselves. I’m sure many people would like to know exactly which apps are risky. Instead, we’re just warned to avoid using private apps on public Wi-Fi. But that kills half the fun of having a mobile device, I should say. And what irritates me most of all is that all these apps were downloaded from the store. Apple should revise its policy regarding app entry standards.
Meanwhile, what can we do? A man-in-the-middle attack means that a hacker sits between you and the server you send your data to, like PayPal or your hospital’s server. The wireless card in your iPhone releases packets of data into the air. There is software that allows a hacker to ‘sniff’ these packets and re-route them to a malware site. If you’re inattentive, you’ll hand over your login, password and the like yourself, because you’ll think that you’re visiting the original website.
What can you do? Please remember that good websites have SSL certificates and a letter ‘s’ added to the ‘http’. The S stands for Secure. A safe URL must look like https://sitename. There’s also a small pictogram of a lock next to the URL. Always remember to check that the lock is there.
When outdoors, it’s also a good idea to double-check that the hotspot you’re using is a real one. Consult the hotspot map. A false hotspot makes stealing your data a piece of cake.
If you’re an advanced user, a VPN – Virtual Private Network – might be an answer. It encodes your data and re-routes it to a proxy server. There’s a batch of free VPNs on the Web, but they’re mostly slow. The quicker VPNs are paid, but the rates aren’t too high. As they say, better safe than sorry. Happy surfing!