A security vulnerability could open up your favorite apps to attack. At issue is a coding flaw, according to Sudo Security Group.
In a new blog post, Will Strafach, CEO of Sudo Security Group, notes that 76 popular iOS apps representing 18 million downloads are vulnerable to attack. Because of a misconfiguration, these apps can accept an invalid Transport Layer Security (TLS) certificate. The misconfiguration allows hackers to collect whatever data an app sends, including login information.
According to Strafach:
This sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use. This can be anywhere in public, or even within your home if an attacker can get within close range.
Of the 76 iOS apps affected, Strafach says 43 are rated medium or high risk, including “banks, medical providers, and other developers of sensitive applications.”
For now, Strafach isn’t publicly identifying the apps affected. Instead, he’s reaching out to the app developers to help them fix the problem. He will update the public on these vulnerabilities in 60 to 90 days.
What can you do?
With this security vulnerability in the wild, Strafach recommends not sending sensitive information via a mobile device through public Wi-Fi, “such as opening your bank app and checking your account balance.” Instead, use a cellular connection, which is more secure.
On an iOS device, you can find Wi-Fi settings in the Settings app. Toggle Wi-Fi to the off position before sending valuable information.