In a post on Medium, verify.ly creator Will Strafach claims his team has discovered at least 76 popular iOS apps vulnerable to silent man-in-the-middle attacks. Strafach doesn’t disclose the most vulnerable apps for security purposes, but lists a few of the apps that have a lower degree of security risk, like the ooVoo video calling app, the Trading 212 Forex & Stocks trading app and several different file uploaders affiliated with Snapchat.
Most of the apps named leave user details like email addresses, user names and passwords open to interception by a third party, and Strafach says iOS’s App Transport Security feature doesn’t help block the vulnerability. The problem lies in commonly misconfigured networking code that Apple is unable to patch on its end. Data is only vulnerable to interception when using a public Wi-Fi network, however, so Strafach simply recommends turning Wi-Fi off and using the phone’s cellular data when dealing with sensitive information away from home.
[via 9to5Mac]