At least 76 popular iOS apps found to have risks for data interception. At the time of the findings, more than 18,000,000 apps downloaded from Apple’s App Store. Popular apps such as Snapchap and various banking apps are among the known vulnerable apps. The vulnerable apps failed to make use of the Transport Layer Security Protocol. Without this security, applications are susceptible to data interception by hackers. The developers of the application must make fix. Apple is unable to address at OS level because changes there can open up additional holes in security. The current work around is not to use applications effected by this flaw on public Wi-Fi but rather use data service provided by cellular company.
https://www.macrumors.com/2017/02/07/popular-ios-apps-vulnerable-interception/
Hi Wayne,
Thanks for posting this interesting read. I got a little curious and tracked down the list of 76 apps that was mentioned in the article which is provided in the link below. Most of the low priorities app, I’ve never even heard of and unfortunately the Medium/High risk were not disclosed. It also provided a list of past occurrences and I was surprised to see CISCO WebEx on there. I will definitely wait to see the Medium/high risks ones to see if it’s an app that I use.
https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.sg5vve94f
Thanks for tracking this down Loi Van. That is pretty ironic that the app I use for this class was at one time vulnerable! I am not very familiar with the low and medium priority apps. Hopefully, the developers fix these apps or the rest are released soon!