How One Simple iOS Vulnerability Endangers Over 76 Apps

By Gary Davis on Feb 15, 2017

76 – that’s how many iOS apps are currently laced with a security vulnerability. So, what exactly are these apps vulnerable to, you may ask? To data theft, specifically silent man-in-the-middle attacks that allow cybercriminals to intercept and steal user data, including valuable healthcare, financial, or personal data.

So, where does this massive vulnerability come from? Despite Apple’s recent push for developers to adopt greater app security, a misconfiguration in the back-end of these apps has created a gaping security hole. This weakness even causes Apple’s ATS (App Transport Security) mechanism, a security requirement for apps to use a secure network connection over HTTPS, to interpret insecure connections as valid.

That means if a cybercriminal exploits any of the weaknesses in these dozens of apps, they can gather sensitive data that is transmitted across a network from that app. That could be anything, from healthcare data sent to your doctor, to credit card information used for your newest purchase—the possibilities are endless.

And with speculation circulating that hundreds more iOS apps could be susceptible to this same vulnerability, it’s critical that developers build a layer of security into their apps.

Until they do, here are a few tips for protecting your apps and mobile devices from data theft: 

  • Don’t share everything with your app. Until stricter security measures are enforced, keep what personal data you share with your apps to a minimum. Only share what is absolutely necessary, and be skeptical when apps are asking for more data than they should need to operate.
  • Do your homework. If you are debating inputting personal data into an app, do your research, and refer to official App Store reviews. Look into the app’s security standards and scope out app reviews. If something comes off as remotely fishy or insecure, it may be best to avoid the app entirely.
  • Avoid public Wi-Fi. A public Wi-Fi network can be the perfect spot for a cybercriminal to swipe your data, since it’s openly shared across a communal space. Do your best to stay off public Wi-Fi, but if you really need immediate internet access, use a trusted VPN (Virtual Private Network) instead.

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...
