Thousands of iOS and Android apps remain vulnerable to FREAK


Almost 2,000 iOS and Android apps remain vulnerable to the FREAK security flaw, according to online security company FireEye.

According to information posted by the company this week, scores of mobile apps have still not been patched against FREAK and remain potentially vulnerable to an attack.

The apps, which have not been formally identified, have been downloaded more than 6 billion times from the Google Play Store and App Store and are included in almost every category including photo & video, lifestyle, social networking, health and fitness and finance.

After scanning a combined total of more than 25,000 iOS and Android apps, the research team at FireEye suggests that it is Android which is potentially most vulnerable to attack.

The team scanned a total of 10,985 apps from the Google Play Store which had more than one million downloads each. The results found that 11.2 percent of the apps (1,228) are still vulnerable to FREAK.

As for the iOS apps scanned by the research team, 5.5 percent or 771 out of 14,079 were found to be vulnerable, but only on devices using iOS 8.2.

FREAK, which was first discovered March 3, is a security flaw which allows hackers to force data travelling between a website and servers to use a weaker form of encryption, which in theory could result in data being intercepted and compromised while the user remains unaware that a lower level of encryption is being used.

FREAK is a hangover from US government restrictions in the early 1990s, which prevented companies from selling software overseas with strong encryption keys, and it lay undiscovered for more than a decade. The security flaw was at first only thought to affect Android and iOS browsers. However, it was then revealed that all machines running Windows were also vulnerable to attack.

Microsoft has since released an automatic security update which should have made Windows secure from the FREAK vulnerability.

Google and Apple have also released patches following the discovery of FREAK, although the findings from FireEye highlight how users are still vulnerable, as some app developers have yet to release updates to make their apps secure.

Source: FireEye

