1,500 iPhone apps have a serious flaw that hackers can easily exploit

April 21st, 2015 at 10:20 AM
iPhone iOS App Encryption Security Issue

While security companies usually detail vulnerabilities in Android that hackers can use for malicious purposes, analytics service SourceDNA uncovered an encryption flaw that may affect as many as 1,500 applications, Ars Technica reports. Among them, you’ll find some popular titles, including Citrix OpenVoice Audio Conferencing, the mobile app, Movies by Flixster with Rotten Tomatoes, KYBankAgent 3.0, and Revo Restaurant Point of Sale.

The company looked at a specific vulnerability in the open-source AFNetworking library, which is widely used by app developers to “drop networking capabilities into their apps.” The issue has been corrected since it was discovered, and various iOS apps have been updated to pick up the fix. However, 1,500 apps are still at risk of exposing user data to hackers, who would be able to trick a device into believing it’s sending data on an encrypted connection.

The security flaw would allow a hacker to intercept all the SSL traffic from one of the affected apps rather easily. “Due to lack of SSL cert validation, the proverbial coffee shop attacker could easily bypass SSL and see all your app’s user credentials and banking data,” SourceDNA wrote on Monday in a post detailing the security issue.

The company scanned all of the free apps in the App Store and about 5,000 paid apps (more than 1 million titles in total), and found that about 1,500 apps are still vulnerable.

More details about this potentially harmful security issue affecting certain iPhone apps are available at the source links, including a monitoring tool that can be used to check whether certain apps are vulnerable to it.

App users can’t really do anything about the flawed app code other than wait for developers to patch the affected apps. However, users can avoid using affected apps over open, untrusted Internet connections, or uninstall the apps from their devices.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.
