Research came out this past week that an alarming number of apps for your iPad and iPhone contain some security flaws. We’re not talking about viruses here, these are not compromised apps, or intentionally harmful apps, just 70+ apps that missed a step in security best practices.
We’ll dive into the vulnerable list later, but first we feel we should explain more, just what is an app that is vulnerable to a man in the middle attack? Let’s find out.
Man in the Middle
I’m dusting off my college education here a little, forgive me if I get things only 98% correct. A man in the middle attack is when the data transmission between your computing device and the web server you’ve connected to is intercepted by a third party.
In my experiments with network snooping software, things were simple, my machine would ask a basic math question from my perfectly capable calculator website. My man in the middle software would intercept the message and return an incorrect answer.
My test situation was more annoying than anything, but what if an attacker intercepts your bank account password? That’s bad enough, let’s not think about how they could then display inaccurate information to you, like your full account balance, while they clean out the account for real. Now are you scared?
Truth is, man in the middle attacks are almost exclusively found over WiFi connections, and most of those are on open public hotspots. VPN software could be a simple solution, or you can just be a little more weary of what WiFi you connect to. If in doubt, and not in a safe place like home, use your cellular data connection when doing your banking.
What apps are in trouble?
The research has been performed by one Will Strafach, as published on Medium. He has only listed what he calls low risk applications, ones that are vulnerable, but whose exposed elements are not likely to cause you identity or financial problems. However, some expose your username and password for the services involved, so you might consider changing your passwords soon.
Unfortunately for those of us looking to protect ourselves, Mr. Strafach has not yet released the list of apps determined to be medium or high risk. This list includes banking apps and the like. Do not be mad at him, this is common practice in the field, notifying the app developers, giving them time to repair their issues before the list goes live. Use smart connectivity choices and you shouldn’t have any issues.
- ooVoo – Free Video Call, Text and Voice
- VivaVideo – Free Video Editor & Photo Movie Maker
- Snap Upload for Snapchat
- Uconnect Access
- Volify – Free Online Music Streamer and MP3 Player
- Uploader Free for Snapchat
- Epic! – Unlimited Books for Kids
- Mico – Chat, Meet new people
- Safe Up for Snapchat
- Tencent Cloud
- Uploader for Snapchat – Quick Upload Pics & Videos to Snapchat
- Huawei HiLink (Mobile WiFi)
- VICE News
- Trading 2121 Forex & Stocks
- CashApp – Cash Rewards App
- 1000 Friends for Snapchat
- YeeCall Messenger – Free Video Call & Conference Call
- InstaRepost – Repost Videos & Photos for Instagram Free Whiz App
- Loops Live
- Private Browser – Anonymous VPN Proxy Browser
- Cheetah Browser
- AMAN BANK
- FirstBank PR Mobile Banking
- vpn free – OvpnSPider for vpngate
- Gift Saga – Free Gift Card & Cash Rewards
- Vpn One Click Professional
- Music tube – free imusic playlists from YouTube
- AutoLotto: Powerball, MegaMillions Lottery Tickets
- Foscam IP Camera Viewer by OWLR for Foscam IP Cams
- Code Scanner by ScanLife: QR and Barcode Reader
Wow, there are a few on there I am sad to see, but again, most are low risk. What I mean is, your OS Version and Device Model may be identifiable by an attacker. I wish that was the short of it, though, so please reconsider using these apps before you learn more about their specific vulnerabilities. Having them on your device is not an immediate threat, and many are only compromised at certain times, so please don’t just uninstall. Not yet at least.
To see the description of each vulnerability or to learn more in general, visit the main post by Will Strafech on Medium here.
Do you use any of these apps? What are you going to do?