Tag: ios security

Huge mobile security vulnerability may exist in iOS apps

1,500 applications could be open to hackers as a result of outdated code that they continue to contain.

Analytics company SourceDNA has identified a mobile security bug that likely still exists in about 1,500 apps and could open these iOS App Store applications to “man in the middle” attacks.

The problem exists in the way that the iOS apps create secure connections with servers.

The reason is that the connection that is established has a bug in it. This means that a mobile security vulnerability exists, in that anyone who intercepts the data being transmitted from an iPhone or iPad would be able to access the login names, passwords, and a number of other forms of private information that could be sent by way of the HTTPS protocol. When SourceDNA discovered the bug, it reported that the companies that have kept the outdated code in at least one of their iOS apps included Microsoft, Yahoo, Uber, and Citrix. This means that millions of Apple device users could have their privacy threatened if the wrong person should choose to attack.

This type of mobile security threat makes it possible for an attacker to take hold of data on the device.

This is because an attack through a “man in the middle” vulnerability uses a fake WiFi hotspot to intercept data contained in devices that have connected to it. Typically, this sort of attack, which is also frequently called a “coffee shop hack”, isn’t possible because those artificial hotspots don’t have adequate security certificates. However, the bug that has been found in the iOS apps has stopped those applications from properly checking for those certificates.

The origin of the bug was in AFNetworking, open-source networking code that has been used in the development of thousands of different apps to allow them to connect to servers. Version 2.5.1 of the code was introduced in January and contained the bug, which allowed connections to occur without checking HTTPS security certificates. A corrected version, 2.5.2, has since been introduced, but there remain about 1,500 apps at the iOS App Store that have yet to update.
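For developers who want to check whether their own app still carries the release named above, the following is an added example, not code from SourceDNA or the AFNetworking project. It assumes the app manages dependencies with CocoaPods and reads the resolved versions from a Podfile.lock; the sample lockfile and the function names are constructed for illustration.

```python
import re

AFFECTED = "2.5.1"  # release the article says contained the certificate-check bug
FIXED = "2.5.2"     # release the article says corrected it

# A resolved pod is a 2-space-indented entry under "PODS:", e.g.
# "  - AFNetworking/Security (2.5.1):". Its 4-space-indented children are
# dependency constraints such as "(= 2.5.1)", not resolved versions.
POD_LINE = re.compile(r'^ {2}- "?(?P<name>[^\s("]+) \((?P<version>[^)]+)\)"?:?\s*$')

# Constructed sample lockfile, trimmed to the sections this check reads.
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/NSURLConnection (= 2.5.1)
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/NSURLConnection (2.5.1):
    - AFNetworking/Security
  - AFNetworking/Security (2.5.1)
  - ExamplePod (1.0.0)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
"""

def resolved_pods(lock_text):
    """Map each pod (or subspec) in the PODS section to its resolved version."""
    pods, in_pods = {}, False
    for line in lock_text.splitlines():
        if line and not line.startswith(" "):  # a new top-level section starts
            in_pods = line.strip() == "PODS:"
            continue
        match = POD_LINE.match(line) if in_pods else None
        if match:
            pods[match.group("name")] = match.group("version")
    return pods

def affected_entries(lock_text):
    """Return the AFNetworking pods/subspecs resolved to the affected release."""
    return sorted(
        (name, version)
        for name, version in resolved_pods(lock_text).items()
        if name.split("/")[0] == "AFNetworking" and version == AFFECTED
    )

if __name__ == "__main__":
    for name, version in affected_entries(SAMPLE_LOCK):
        print(f"{name} {version}: affected, update to at least {FIXED}")
```

The check reads only the PODS section, so a version constraint in DEPENDENCIES such as `~> 2.5` is not mistaken for the version that was actually built into the app.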

Mobile security report shows equal vulnerability between Android and Apple

Marble Security has released its June threat report and found that the chances of attack are the same.

The latest mobile security report from Marble has revealed that the odds of experiencing a malicious software attack on either an iOS or Android based smartphone are equally high.

This goes against previous research that has indicated that iOS provides greater safety as a platform.

This mobile security data could come as quite a surprise to iPhone or iPad owners who had been under the impression that they were safe from the risk of malicious software and malware. The Marble research found that these two types of device are equally vulnerable to those types of attack.

This mobile security research result jars with the long held belief that Apple devices are safer.

In the case of computers, Apple machines traditionally had a much lower incidence of spam, malware, and other types of harmful software than PCs. That same feeling has migrated into the mobile sphere as smartphones have achieved greater penetration. However, the research from the Marble Labs analysis has shown that they aren’t any more or less safe than their Android counterparts.

The study looked into the top 14 forms of smartphone security threats. In them, both platforms proved to be equally risky, and the risk wasn’t low. At the same time, the balance of the exposures was different between the two platforms. Though they are equally at risk of threats, the threats for each type of platform are not the same.

The firm also conducted an analysis of 1.2 million Android and iOS apps and published the results in its report. What it found was that news and gaming applications in iOS are the top security risks of any category for iPhones and iPads.

According to David Jevans, the CTO and founder of Marble Security, it is important for enterprise security managers to understand the mobile security threat to Apple devices. He pointed out that the electronics giant’s “vaunted iOS mobile security reputation hinges on its app distribution control, not on any inherent superiority of its operating system.”