Hackers could gain access to sensitive information such as your bank details via a new flaw on dozens of iPhone apps, security experts have revealed.
Will Strafach of Infosec warned in a recent blog that a scan of popular apps available at the Apple App Store found that 76 apps were vulnerable to attack as a “backdoor” was available that allowed hackers to act as a middle man and therefore be able to access data that was being sent.
33 apps including online banking apps were named although these were classed as low risk but 43 other apps were deemed to be medium to high risk of attack.
Strafach said the security hole “is derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner”.
Lots of the named apps are add-on apps for Snapchat users including those used for uploading photos and videos to the popular social media app.
Mr Strafach explained that Apple could not issue a widespread fix as addressing the issue in this manner would make apps more vulnerable to attack.
“The onus rests solely on app developers themselves to ensure their apps are not vulnerable,” he said.
Mr Strafach says the bad design was mainly a problem when the phone was connected to a wi-fi network.
“If you are in a public location and need to perform a sensitive action on your mobile device (such as opening your bank app and checking your account balance), you can work around the issue by opening “Settings” and turning the “Wi-Fi” switch off prior to the sensitive action,” he said.
“While on a cellular connection the vulnerability does still exist, cellular interception is more difficult, requires expensive hardware, is far more noticeable, and it is quite illegal (within the United States).
“Therefore, it is much less plausible for an attacker to risk attempting to intercept a cellular data connection.”
Via: 9to5 Mac