A bulk analysis of apps on the Apple app store has recently led to the discovery of vulnerabilities in more than 70 apps, which make it easier for snoopers to intercept and alter data sent and received by devices the apps are installed on. The discovery was made by the Sudo Security Group’s verify.ly service last month.
According to Sudo, a total of 76 iOS apps were found to be using loose security configurations, which made them open to man-in-the-middle (MITM) attacks. Snoopers can exploit this vulnerability through certificates–small data files used for authentication in online communications–that are forged, exposing sensitive user data to the crooks by decrypting Transport Layer Security (TLS) protocols.
MITM attacks refer to those wherein the attacker intercepts and alters the communication between Point A and Point B without both ends knowing about it. Conducting MITM attacks allow snoopers to “eavesdrop” on, for example, the communication line between the owner of an online banking account and the bank’s server, giving them access to sensitive information such as passwords and bank account numbers. MITM attacks is possible in unsecured public hotspots.
Sudo said that out of the 76 apps, 33 are considered low-risk, 24 are considered medium-risk, while the rest are considered high-risk. The low-risk apps can expose partially sensitive analytics data, while those that are medium-risk can expose login credentials and session tokens. The last 19 apps are high-risk as they can leave financial and medical service credentials and session authentication tokens vulnerable to exploitation by hackers.
This is not the first time that the discovery of vulnerabilities in Apple apps made headlines. Similar issues surfaced in 2015, where at least 25,000 iOS apps had been found to be prone to Secure Sockets Layer (SSL) protocol decryption. SSL is the predecessor to TLS.
Apptopia estimates the amount of downloads for the affected apps to be at around 18 million. With Apple devices all over the world totaling more than 1 billion in terms of usage, this number is very alarming. The discovery of these vulnerabilities is also an indication that Apple devices are not safe from malicious online attacks anymore. If you’re among the billions of iOS and OS X device users all over the world, then this should be a concern for you.
Stay secure with an Internet security VPN
MITM attacks allow hackers to intercept and alter data that your device sends and receives. To prevent them from accessing your sensitive information, you will need an encrypted connection, and the best way to achieve this is by using Hotspot Shield Internet security VPN.
Hotspot Shield VPN provides a secure tunnel for all your information to go through. Using advanced encryption technology, Hotspot Shield protects your information from interceptions and snooping, so your online sessions are worry-free and more enjoyable.
You can enjoy this feature at no cost as Hotspot Shield Internet security VPN is free. It is also compatible with iOS and OS X devices, so you can install it on your iPhone, iPad and MacBook without worrying about compatibility.
Protect your Apple device from MITM attacks by downloading Hotspot Shield Internet security VPN today. For more information, visit the Hotspot Shield website, and don’t forget to read our other blogs for more Internet safety, anonymity and content access tips.