Apple is meticulous about privacy and security, but however much it may want otherwise, not all applications are 100% secure, at least not those from third parties. After scanning the binary code of applications in the iOS App Store, Will Strafach's verification service has detected a total of 76 applications popular among users that are currently vulnerable to data interception.
The interception is possible regardless of whether App Store developers are using Application Transport Security or not. Some months ago, similar vulnerabilities were discovered in other iOS applications such as Experian and myFICO Mobile.
Strafach's verify.ly service is designed to scan iOS App Store applications for vulnerabilities, helping developers protect their code and improve their security. The scanning process looks for vulnerability patterns and examples that recur across multiple applications.
Numerous third-party apps are vulnerable to silent data interception
This publication from Will Strafach's verification service is no less alarming, since vulnerabilities allowing silent interception of data have been found in 76 applications popular among users. Not only that: together, these applications have more than 18 million downloads.
Strafach has classified these 76 applications into different risk categories: low, medium and high. The problem stems from misconfigured network code that makes Apple's Application Transport Security see connections as valid TLS connections even when they are not. Apple has no possible solution at its disposal, and the responsibility rests solely with the application developers to ensure that their applications are not vulnerable.
Some of the applications with a low risk of vulnerability are ooVoo, Snap Upload for Snapchat, ViaVideo and Cheetah Browser, among others. For medium- and high-risk applications, Strafach prefers not to share the list until the problems have been successfully communicated to the developers and companies behind the applications.
What can you do as a user to protect yourself?
While developers work on fixing these vulnerabilities, users can do some things to help protect themselves. A correctly configured VPN could help mitigate this problem, something it would not be bad for Apple to implement natively in iOS.
If the user decides not to use a VPN on their devices, Strafach recommends that users deactivate their WiFi. If you are in a public place and need to perform a "sensitive" action from your device, such as checking your bank account or carrying out some operation with it, it is preferable to do it over mobile data instead of a WiFi connection.
Although the vulnerability still exists on a mobile data connection, cellular interception is much more difficult and requires more expensive hardware. That is why an attacker is far less likely to risk intercepting a mobile data connection than a WiFi connection.
Via | 9to5Mac