A new flaw has been found in 76 iPhone apps that could allow hackers to gain access to your iPhone and sensitive data, including banking details.
Will Strafach from Infosec has written a blog post in which he details the results of a scan of popular iPhone apps on the Apple App Store. The scan found 76 apps vulnerable to an attack that allows hackers to gain access to potentially sensitive data via a backdoor.
Will writes: “During the testing process, I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion. According to Apptopia estimates, there has been a combined total of more than 18,000,000 (Eighteen Million) downloads of app versions which are confirmed to be affected by this vulnerability.”
The hack is quite technical, and if you want all the nitty-gritty details (alongside the list of apps affected) then you’re best checking it out here. Basically, it has to do with the way the apps use their network code whilst connected to Wi-Fi. A hacker with the right tools would be able to view sensitive data being sent over Wi-Fi, and given the nature of some of these apps, which include banking apps, this is a real concern.
Experts are advising that people familiarise themselves with the apps affected and, where possible, switch off Wi-Fi whilst using them. The vulnerability still exists when using the cellular network, but an eavesdropping attack on such connections is much harder to execute, given the equipment it requires.
Ultimately, Apple cannot do a lot to fix this issue, as it comes down to the app developers themselves to rewrite their code and perform secure connections correctly via the right protocols.