UPDATED 01:26 EDT / JULY 17 2015


Report: AppBugs finds host of popular mobile apps open to password cracking

Research published this week identified 53 mobile apps that leave user accounts vulnerable to hacking attempts as they fail to restrict the number of unsuccessful login attempts allowed. (via Ars Technica)

In what is known as a “Brute Force Attack”, hackers run automated software that “guesses” a user’s password by trying a large number of common passwords or password variations in a relatively short time until it finds the correct one and gains access to the victim’s account.

Limiting the number of unsuccessful login attempts automatically locks out the user once the threshold is reached. Usually, the only way to regain access is performing a “lost password” or “password reset” action that requires account verification via email.

Naturally this does result in legitimate users being locked out of their accounts once they’ve entered their password incorrectly a few times – something that happens often due to forgotten passwords – but the benefit of protecting user accounts far outweighs this minor inconvenience.
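As an added illustration (not code from the article or from AppBugs) of the server-side control the report found missing, the following limiter counts consecutive failed logins per account, refuses further attempts once a threshold is reached, and clears the lock only through the verified password-reset path described above; the threshold, the timed lock window, the `check_password` callback and the account names are all assumptions for the example.

```python
import time
from dataclasses import dataclass

# Assumed policy values for this example (the article names no specific threshold).
MAX_FAILED_ATTEMPTS = 5      # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60    # how long the lock lasts before login is allowed again


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0    # epoch seconds; 0.0 means not locked


class LoginThrottle:
    """Server-side failed-login limiter: counts consecutive failures per account
    and refuses further attempts once the threshold is reached."""

    def __init__(self, check_password, now=time.time):
        self._check_password = check_password   # callable(user, password) -> bool (assumed)
        self._now = now                         # injectable clock so the logic is testable
        self._accounts = {}

    def _state(self, user):
        return self._accounts.setdefault(user, AccountState())

    def is_locked(self, user):
        return self._state(user).locked_until > self._now()

    def attempt_login(self, user, password):
        """Returns "ok", "bad_password" or "locked". The lock is checked before
        the password, so a locked account gives a guesser no feedback at all."""
        st = self._state(user)
        if st.locked_until > self._now():
            return "locked"
        if self._check_password(user, password):
            st.failed_attempts = 0              # a successful login resets the counter
            return "ok"
        st.failed_attempts += 1
        if st.failed_attempts >= MAX_FAILED_ATTEMPTS:
            st.locked_until = self._now() + LOCKOUT_SECONDS
            st.failed_attempts = 0
        return "bad_password"

    def password_reset(self, user, verified_by_email):
        """The "password reset" path: the lock is cleared only after out-of-band
        verification (e.g. an emailed token) has succeeded. Storing the new
        password in the credential store is left to the caller."""
        if not verified_by_email:
            return False
        self._accounts[user] = AccountState()   # clear both the lock and the counter
        return True
```

Because every account is locked before its password is even checked, an attacker gets at most MAX_FAILED_ATTEMPTS guesses per lock window rather than the unlimited guessing the 53 apps allowed.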

Perhaps the most infamous case of users of an app or web service falling prey to a Brute Force Attack was 2014’s iCloud celebrity hack that resulted in the theft of nude photos. That hack was said to have been made possible in part by iCloud failing to limit the number of failed login attempts. Hackers reportedly used a password-cracking tool called iBrute to access user accounts and retrieve photos stored in backups.

Smartphone security firm AppBugs analyzed 100 apps which support password-protected web accounts and found that 53 of those apps did not limit failed login attempts, leaving their user accounts vulnerable.

The Android versions of the 53 vulnerable apps have been downloaded a combined 300 million times and AppBugs estimates the iOS downloads to also be in the region of 300 million, leaving some 600 million downloads vulnerable to Brute Force Attacks. (Apple does not publish download counts for apps in its App Store.)

AppBugs notified the individual app developers of its findings, giving them 90 days to fix the vulnerabilities before disclosing the findings to the public. So far the grace period has only expired on 12 of the 53 apps, including those from Walmart, Kobo, SoundCloud, Slack, AutoCad 360, Zillow, Domino’s Pizza, CNN, Expedia, WatchESPN, iHeartRadio, and Songza.

In addition, the Wunderlist, Dictionary, and Pocket apps were also identified, but their developers have implemented the necessary changes since being notified by AppBugs.

Image credit: Ervins Strauhmanis | Flickr
