Tag: ios mobile security

Huge mobile security vulnerability may exist in iOS apps

1,500 applications could be open to hackers as a result of outdated code that they continue to contain.

Analytics company SourceDNA has identified a mobile security bug that likely still exists in about 1,500 iOS App Store applications and could open them up to “man in the middle” attacks.

The problem exists in the way that the iOS apps create secure connections with servers.

The reason is that the connection these apps establish has a bug in it. This means that a mobile security risk exists, in that anyone who intercepts the data being transmitted from an iPhone or iPad would be able to access the login names, passwords, and a number of other forms of private information sent by way of the HTTPS protocol. When SourceDNA discovered the bug, it reported that the companies that have kept the outdated code in at least one of their iOS apps included Microsoft, Yahoo, Uber, and Citrix. This means that millions of Apple device users could have their privacy threatened if the wrong person should choose to attack.

This type of mobile security threat makes it possible for an attacker to take hold of data on the device.

This is because a “man in the middle” attack uses a fake WiFi hotspot to intercept data sent by devices that have connected to it. Typically, this sort of attack, which is also frequently called a “coffee shop hack”, isn’t possible because those artificial hotspots don’t have adequate security certificates. However, the bug that has been found in the iOS apps has stopped those applications from properly checking those certificates.

The origin of the bug was in AFNetworking, open-source networking code that has been used in the development of thousands of different apps to allow them to connect to servers. Version 2.5.1 of the code was introduced in January, and it contained the bug, which allowed connections to occur without checking HTTPS security certificates. A corrected version, 2.5.2, has since been introduced, but there remain about 1,500 apps in the iOS App Store that have yet to update.
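As an added example (not code from SourceDNA, AFNetworking, or the original article), the following sketch shows how a development team could check whether a build still resolves to the 2.5.1 release named above. It assumes the app manages dependencies with CocoaPods and reads the `PODS` section of a `Podfile.lock`; the sample lockfile and the function names are constructed for illustration.

```python
import re

# Per the article: AFNetworking 2.5.1 shipped the bug, 2.5.2 corrected it.
AFFECTED = (2, 5, 1)

# Resolved entries in the PODS section, e.g. "  - AFNetworking (2.5.1):"
# or a subspec such as "  - AFNetworking/Security (2.5.1)".
POD_LINE = re.compile(r"^  - (AFNetworking(?:/[\w+-]+)?) \(([^)]+)\):?\s*$")

# Constructed sample lockfile, not taken from any real app.
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (2.5.1):
    - AFNetworking/Security (= 2.5.1)
  - AFNetworking/Security (2.5.1)
  - SomeOtherPod (1.0.0)

DEPENDENCIES:
  - AFNetworking (~> 2.5)
"""

def parse_version(text):
    """Turn '2.5.1' into (2, 5, 1); return None if any part is non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '2.5' to (2, 5, 0)

def audit_lockfile(text):
    """Return sorted (pod, version, status) for AFNetworking entries under PODS."""
    findings, in_pods = set(), False
    for line in text.splitlines():
        if line and not line.startswith(" "):
            in_pods = line.strip() == "PODS:"  # a new top-level section starts
            continue
        match = POD_LINE.match(line) if in_pods else None
        if not match:
            continue  # other pods, nested constraints, other sections
        version = parse_version(match.group(2))
        if version is None:
            status = "unknown"        # e.g. a pre-release tag; review by hand
        elif version == AFFECTED:
            status = "affected"       # upgrade to 2.5.2 per the article
        else:
            status = "not flagged"    # the article only names 2.5.1
        findings.add((match.group(1), match.group(2), status))
    return sorted(findings)
```

Only resolved versions under `PODS` are reported; the version constraints in `DEPENDENCIES` are ignored because they do not say which release was actually built into the app.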

Mobile security isn’t standing up to hackers among top 100 apps

A recent report has shown that most of the leading Android and iOS applications have been hacked.

The third annual “State of Mobile App Security” report has now been released, and it has revealed that mobile security in both Android and iOS based applications is not high enough to keep hackers from getting in.

How many have been hacked? 87 percent of the top 100 paid Apple iOS apps and 97 percent of the top paid Android apps!

Beyond the rise in mobile security breaches occurring among the most frequently downloaded Popular Free apps, this year’s report also showed evidence that hacking was quite commonplace in applications in the following categories: financial services, retail and merchants, and healthcare and medical. Overall, these were primarily driven by hacks in mobile apps for Android devices.

This shows that there remains a serious concern with regards to mobile security in top apps of all types and forms.

The report is produced by Arxan, and it provides an update on the indicators published in previous years regarding the prevalence of mobile security issues, in the form of hacked apps, on the two largest smartphone platforms, Android and iOS. Considering the rapid growth of global mobile app usage, the insight provided in this report could be quite important.

This report also projected that there will be an increase in the download rate of free mobile apps of 99 percent, to the point that they will reach 253 billion downloads in 2017. In the paid app download category, it is expected that there will be a 33 percent increase by 2017, when it will reach 15 billion downloads.

The mobile security risk associated with hacking in apps is remaining steady with Android apps, as the figures showed that 97 percent of the top paid apps have been hacked. That said, the risk of hacking in the top paid iOS apps is considerably higher now than it had been last year, as it is now at 87 percent, compared to last year’s 56 percent.