Report: 76 iOS apps put users at risk of data interception by hackers


A new report from mobile security company Sudo Security Group reveals that 76 iOS apps have vulnerabilities that could allow hackers to intercept sensitive financial or health data sent over Wi-Fi.

We’re talking about popular apps for free video calling, getting cash rewards and doing mobile banking, plus five apps that are focused solely on the popular social network Snapchat!


Man-in-the-middle attack vulnerabilities

Will Strafach of Sudo Security Group writes in his latest blog post that he discovered dozens of apps that can be hit by so-called ‘man-in-the-middle’ data interception attacks.

Such attacks would allow hackers to decrypt data sent wirelessly, because of a flaw the developers introduced in the code when they built these apps.

The good news here is that 33 of the affected iOS apps that Strafach discovered only had a low-risk vulnerability.

For these apps (listed below), there’s a danger that hackers could potentially intercept your mobile device’s analytics data, e-mail address or login credentials, according to Sudo Security Group.

There’s a bigger problem here

The bigger problem here involves the remaining iOS apps not included on this list.

Twenty-four of those apps have a medium vulnerability risk, indicating a ‘confirmed ability’ for hackers to get your login credentials ‘and/or session authentication tokens for logged in users.’

Nineteen other apps not listed here are deemed a high vulnerability risk, which means hackers have ‘confirmed ability’ to intercept medical and financial info at will.

Strafach did not disclose the names of these medium and high vulnerability apps because of obvious security concerns.

His group is now getting in touch with the medical providers, banks and others who are on this secret list so they can close the holes in their app code.

What can you do about this problem?

Apple wants developers to use its App Transport Security (ATS) protocol to fix this problem, though Wired notes that doing that alone won’t clear up the inherent certificate verification issues.

Meanwhile, we’ve all heard the advice about not doing any sensitive medical or financial transactions on your phone when you’re on public Wi-Fi. Strafach says that if you have to check your bank account when you’re out and about, you should be sure to turn Wi-Fi off and use a cellular network.

While it is possible for hackers to breach a cell network, it’s much less likely that they’ll do so.

Here are some additional ways you can stay safe:

Keep your operating system updated

Always make sure you install the latest software updates from your operating system. These often include security and protection updates to help protect your device.

Don’t mess with your OS

Resist the temptation to fool around with your operating system. People sometimes tamper with their OS while trying to download apps that aren’t sanctioned. Don’t do it!

Don’t click on strange texts

Android users got a real scare last year when a report emerged that they could be hacked by text message.

Cast a critical eye on text messages from your bank

Maybe you’ve signed up for texts from your bank. But then a text comes through you weren’t expecting with a link for you to click to update your info. What do you do?

While it may be legit, your best bet is to play it safe. Get off your phone, get onto a secure network (preferably from a computer with good anti-virus software on it) and log into your bank’s official website. If the text from your bank was a legit one, you should see the same request for your info at the bank’s official website. Then you can give them whatever info they’re asking for. 

Only trust downloads directly from financial websites

When it comes to downloading mobile banking apps, be sure you only install your bank, credit union or brokerage firm’s official apps that you find at their websites.

Check your statements diligently

Go through your bank statement line-by-line on a daily basis. Report any suspicious charges immediately.

Have a different password for each financial site

You’re going to need a unique password for each financial account you have: Bank, credit union, brokerage account, etc. That way if one is compromised, the crooks won’t have automatic access to every financial account in your life.

About the author: Theo Thimou
Theo is director of content for clark.com. He has co-written 2 books with Clark Howard, including the #1 New York Times bestseller Clark Howard's Living Large in Lean Times.