UPDATED 23:17 EDT / FEBRUARY 07 2017

INFRA

Dozens of iPhone apps found to be vulnerable to data interception

Dozens of popular Apple Inc. iOS apps contain serious security flaws that make them vulnerable to data interception, security researchers at Verify.ly have discovered.

Some 76 apps, which included browser apps, news apps and various virtual private networking apps, were found to be open to a silent man-in-the-middle attack, a form of attack that allows a hacker to eavesdrop over a network and spy on the data the app sends.

Apps named as being vulnerable include Snap Upload for Snapchat, VICE News, Trading 212 Forex & Stocks, Private Browser, Cheetah Browser, and Code Scanner by ScanLife. The 76 apps are estimated to have been downloaded by users 18 million times. According to Verify.ly founder Will Strafach, 33 of the vulnerable apps are categorized as low-risk, while 24 are in the medium-risk group and 19 are high-risk.

Disturbingly, Strafach explained, all that a hacker needs to intercept data is a Wi-Fi connection. “The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use,” Strafach wrote. “This can be anywhere in public, or even within your home if an attacker can get within close range.”

Strafach added that Verify.ly’s system has shortlisted hundreds of other applications that are likely to have a similar vulnerability as well. Notably, this isn’t the first time iOS apps have been found to include this vulnerability. IOS apps including Kaspersky Safe Browser, Experian and Dell SecureWorks were previously found lacking in their security.

A fix to the apps is ultimately up to developers. But Strafach notes that users can do one simple thing to protect their data: turn off their WiFi connections when in public, since data interception over a cell network is far more difficult for a hacker to undertake.

Photo: wrongdude/Flickr/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU