Click to Skip Ad
Closing in...

1,500 iPhone apps have a serious flaw that hackers can easily exploit

Published Apr 21st, 2015 10:20AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

While security companies usually detail vulnerabilities in Android that hackers can use for malicious purposes, analytics service SourceDNA uncovered an encryption flaw that may affect as many as 1,500 applications, Ars Technica reports. Among them, you’ll find some popular titles, including Citrix OpenVoice Audio Conferencing, the Alibaba.com mobile app, Movies by Flixster with Rotten Tomatoes, KYBankAgent 3.0, and Revo Restaurant Point of Sale.

DON’T MISS: Finally, a sensible explanation of why you can’t buy the Apple Watch this Friday

The company looked at a specific vulnerability in open-source AFNetworking, a resource that’s widely used by app developers to “drop networking capabilities into their apps.” Since being discovered, the issue has already been corrected, with various iOS apps having been updated to also fix the flaw. However, 1,500 apps are still at risk of exposing user data to hackers, who would be able to trick a device into believing it’s sending data on an encrypted connection.

The security flaw would allow a hacker to intercept all the SSL traffic from one of the affected apps rather easy. “Due to lack of SSL cert validation, the proverbial coffee shop attacker could easily bypass SSL and see all your app’s user credentials and banking data,” SourceDNA on Monday wrote in a post detailing the security issue.

The company scanned all of the free apps in the App Store and about 5,000 paid apps (more than 1 million titles in total), and found that about 1,500 apps are still vulnerable.

More details about this potentially harmful security issue affecting certain iPhone apps are available at the source links, including a monitoring tool that can be used to check whether certain apps are vulnerable to it.

App users can’t really do anything about the flawed app code other than wait for developers to patch the affected apps. However, users can avoid using affected apps over open, untrusted Internet connections, or uninstall the apps from their devices.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2007. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming new movies and TV shows, or training to run his next marathon.