En-mass scanning of the binary code in applications on Apple’s App Store has revealed that 76 popular iOS apps are vulnerable to man-in-the-middle attacks that can be performed on connections which should be secured using Transport Later Security (TLS).
Apps such as the Tencent Cloud, Uploader for Snapchat, Huawei HiLink, and Vive News, were all found to be vulnerable to hack attacks that could steal or manipulate data if a mobile device is within Wi-Fi range of a malicious party.
The vulnerabilities were discovered by Will Strafach, a security specialist and the developer of the verify.ly mobile app analysis service.
“The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use. This can be anywhere in public, or even within your home if an attacker can get within close range,” he explained.
“Such an attack can be conducted using either custom hardware, or a slightly modified mobile phone, depending on the required range and capabilities. The best similar and well-understood form of attack to this would be the ability to read data from credit cards at a close range.”
Strafach said the onus for fixing such security holes is on the app developers not Apple, as if the Cupertino company was to override the TLS process, it would make some iOS applications less secure than before.
“Due to this, Apple’s “App Transport Security” mechanism will see the connection as a valid TLS connection, as it must allow the application to judge the certificate validity if it chooses to do so,” Strafach said.
“There is no possible fix to be made on Apple’s side, because if they were to override this functionality in attempt to block this security issue, it would actually make some iOS applications less secure as they would not be able to utilize certificate pinning for their connections, and they could not trust otherwise untrusted certificates which may be required for intranet connections within an enterprise using an in-house PKI.”
Many consider Apple to produce the most secure mobile and desktop software, but bugs still plagues Apple as much as they do Microsoft, with threats recently even hopping over form Linux and Windows to threaten Mac OS X.
Are you a security pro? Try our quiz!
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…
Eight newspaper publishers in the US allege Microsoft and OpenAI used their millions of their…
US judge sentences Binance founder, Changpeng Zhao, to four months in prison for ignoring money…