Gap In The Number Of Applications IOS Threaten Millions Of Users Data
A security researcher revealed that a large number of custom System for OS iOS applications, available via the App Store shop, exposed to the loophole that allows hackers to carry out an attack of some sort, "a man in the middle" MITM, which displays user data at risk. He explained Lowell Stravi, through his blog, personal, that while the code analysis software for a number of applications available on the Apple App Store shop found that hundreds of them exposed to the processes silent objection to the data by pirates, even though these data are locked or encrypted. Stravi He pointed out that the initial analysis of the data showed the presence of 76 of the famous system iOS applications, specifically from operating on 10 iOS system, exposed to the loophole that allows attacks man in the middle, even if the data which is being circulated in a locked and encrypted using a secured transport layer protocol TSL. He said security researcher that those prone to attack applications have been downloaded nearly 18 million times on smart devices Apple operating system iOS 10, putting the data of millions of users vulnerable to interception or manipulation by pirates. And it operates the gap due to code these applications use allowed to accept any certificate of authenticity to create a secure connection, making it easy for hackers to deceive these applications and intercept a private communication even if the user is connected through a wireless network, where Stravi stressed that the gap is difficult to be exploited if the user is connected to the Internet via mobile phone networks. Stravi confirmed that 33 of these applications are affected by low loophole that allows these attacks, where hackers can access sensitive data partly like e-mail addresses, and some of the data that is recorded in a non-believer.In contrast, many applications are affected more than the average gap reached about 24 application, where hackers can intercept login and get approval for these operations symbols operations, putting users of these applications account for the risk of penetration. Many applications are affected and reached a high risk for this gap about 19 application, where hackers can intercept logon to sensitive accounts such as financial and bank accounts, and the accounts of medical services operations, as pirates can obtain security codes to simulate logins later. This, Stravi He stressed that the security transfer of data within applications feature in the EOS system iOS does not help and can not deal with or repel attacks that use this loophole in the affected applications. The deployment of the security researcher group of affected applications are low loophole names, including banking applications such as the application of the Libyan safety Bank, and the application of First Bank branch in Puerto Rico, and the application of Private 24 private Berivc Ukrainian bank, applications for the talks, such as ooVoo and YeeCall and Mico, apply broadcast platform neighborhood Loops Live. Other applications affected are low loophole, awards CashApp applications, and FreeMyApps and GiftSaga, and the application of the amendment to the video VivaVideo, and an applied music Volify broadcast and Music tube, next to the application of children's books Epic !, and application storage cloud Tencent Cloud, and Internet application Cheetah browser. Gap also affect low on applications such as VICE News for news, and the application of forex trading platform Trading 212, and the application of bets AutoLotto platform, and practical private networks default Private Browser and vpn Free-OvpnSpide, next to the application of surveillance cameras Foscam and apply read a subsidiary of ScanLife and disposable QR codes under control name Code Scanner.And cause the gap to influence several other applications targeting users snapchat, allowing access to private information these users accounts, the Friends for Snapchat 1000 and Uploader for Snapchat and Safe Up for Snapchat and Uploader Free for Snapchat and Snap Upload for Snapchat applications. And influenced by Internet sites users, including communication networks, social, some of the infected applications Vulnerability, which disclosed Stravi, including Uconnect Access application that users account may be submitted to Internet radio service "Banadora" to penetrate, and the application of InstaRepost when used with Anstagram accounts. The Stravi put a period between two to three months to allow for application developers that are affected are medium or high-risk Vulnerability issuing security updates protects users before the announcement of the names of these applications, which confirmed that the gap are complex and can not be resolved by users or Apple and developers just can treat and fill them completely.