Casa > cibernético Notícias > 76 Aplicativos iOS expõem informações confidenciais do usuário em ataques MiTM
CYBER NEWS

76 Aplicativos iOS expõem informações confidenciais do usuário em ataques MiTM

According to Will Strafach, CEO of Sudo Security Group, a number of iOS apps that are supposed to encrypt user data don’t do it accurately, and are thus exposing their users.

The researcher has uncovered 76 iOS apps vulnerable to attacks that intercept protected data. It appears that the developers of these apps have misconfigured the networking-related code. The result is that the code will accept an invalid TLS certificate, o pesquisador reivindicações.

I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion,” Strafach says.

This attack could be carried out by any party within Wi-Fi range of a device which the device is being used. This could happen while the target is in public or at home.

relacionado: Como bloquear Activation iOS da Bypass Apple em iPhone e iPad

76 Apps Deemed Vulnerable, 43 of Which Medium to High Risk

The vulnerability is found in 76 Aplicativos, and was found via scanning the apps with the researcher’s company-developed security service, verify.ly. Obviamente, his report is also a kind of self-promotion. Strafach also claims that 43 of the these apps were either a high or medium risk, as they could expose login details and authentication tokens. Além disso, some of the apps belong to “bancos, medical providers, and other developers of sensitive applications,” he claimed. These particular apps haven’t been revealed.

relacionado: MacDownloader Malware Escrito por iraniana Estado Hackers Tracks Ativistas

O outro 33 apps were identified as low risks as they exposed only partially sensitive data, like email addresses. Some of these apps are the free messaging service ooVoo, video uploaders to Snapchat and not-so-popular music streaming services.

No geral, all of the 76 apps have been downloaded 18 milhão de vezes, at least according to data by app market tracker Apptopia. Para corrigir o problema, app developers will only have to change a few lines of code, the researcher concluded. He has been trying to contact the devs.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *