If you thought you and your data were safe inside Apple’s closely guarded walled garden, think again. It has been reported that many iOS apps currently available in the App Store are leaking sensitive information, including usernames and passwords, to attackers. These apps are still susceptible to attack even though the vulnerability was revealed months ago.
The vulnerability was made public when developer and well-known iOS hacker Will Strafach set out to see which iOS apps were vulnerable to man-in-the-middle attacks. Such attacks allow an attacker to intercept data being transferred from a device to the server. Thousands of apps were surveyed during the research, after which Strafach found that dozens of them contain badly implemented code. They have a vulnerability that allows the app to accept a fake certificate from an attacker and establish an encrypted connection without validating it first.
This vulnerability allows any attacker who is connected to the same Wi-Fi network and within range of the target device to trick the app into accepting a fake certificate and establishing a connection. Some of the apps Strafach found to be vulnerable, such as HipChat, were later fixed to close the vulnerability; however, many others still haven’t been updated. These include apps that deal with sensitive user data, among them banking apps from Emirates NBD and 21st Century Insurance. Users of other banking apps, including those by Think Mutual Bank and Space Coast Credit Union, have been asked not to use the affected version of their bank’s iOS application.
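The class of bug described above comes down to how an app answers the TLS server-trust challenge. The following Swift is an added illustration, not code from Strafach’s research or from any app named in the article: the first delegate accepts any certificate, the second evaluates it against the system trust store.

```swift
import Foundation
import Security

// VULNERABLE: hands back whatever certificate the server (or an attacker on
// the same Wi-Fi network) presents, so a forged certificate is accepted and
// an "encrypted" connection is set up with the wrong endpoint.
final class TrustEverythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
           let trust = challenge.protectionSpace.serverTrust {
            // No evaluation of the chain, hostname or expiry: this is the bug.
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

// HARDENED: evaluate the presented chain (CA signature, hostname, validity
// period) before accepting it, and cancel the request when evaluation fails.
// Not implementing this delegate method at all gives the same safe result,
// because URLSession then performs default validation itself.
final class ValidatingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        var error: CFError?
        if SecTrustEvaluateWithError(trust, &error) {   // iOS 12+ / macOS 10.14+
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// An app handling credentials should build its session with the validating
// delegate (or no custom delegate), never the trust-everything one.
let session = URLSession(configuration: .default,
                         delegate: ValidatingDelegate(),
                         delegateQueue: nil)
```

When reviewing an app, a delegate that returns `.useCredential` with the server’s own trust object and no `SecTrust` evaluation is the pattern to look for.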
Some other popular names were revealed to be vulnerable to man-in-the-middle attacks, including the Yo social network, the Dolphin web browser and Diabetes in Check.
To stay safe, according to Strafach, users can avoid public Wi-Fi networks and use the mobile Internet connection instead when using the affected apps.