Gap In The Number Of Applications IOS Threaten Millions Of Users Data
security researcher revealed that a large number of custom System for OS iOS
applications, available via the App Store shop, exposed to the loophole that
allows hackers to carry out an attack of some sort, "a man in the
middle" MITM, which displays user data at risk.
explained Lowell Stravi, through his blog, personal, that while the code
analysis software for a number of applications available on the Apple App Store
shop found that hundreds of them exposed to the processes silent objection to
the data by pirates, even though these data are locked or encrypted.
He pointed out that the initial analysis of the data showed the presence of 76
of the famous system iOS applications, specifically from operating on 10 iOS
system, exposed to the loophole that allows attacks man in the middle, even if
the data which is being circulated in a locked and encrypted using a secured
transport layer protocol TSL. He said security researcher that those prone to
attack applications have been downloaded nearly 18 million times on smart
devices Apple operating system iOS 10, putting the data of millions of users
vulnerable to interception or manipulation by pirates.
operates the gap due to code these applications use allowed to accept any
certificate of authenticity to create a secure connection, making it easy for
hackers to deceive these applications and intercept a private communication
even if the user is connected through a wireless network, where Stravi stressed
that the gap is difficult to be exploited if the user is connected to the
Internet via mobile phone networks.
confirmed that 33 of these applications are affected by low loophole that
allows these attacks, where hackers can access sensitive data partly like
e-mail addresses, and some of the data that is recorded in a non-believer.In
contrast, many applications are affected more than the average gap reached
about 24 application, where hackers can intercept login and get approval for
these operations symbols operations, putting users of these applications
account for the risk of penetration.
applications are affected and reached a high risk for this gap about 19
application, where hackers can intercept logon to sensitive accounts such as
financial and bank accounts, and the accounts of medical services operations,
as pirates can obtain security codes to simulate logins later. This, Stravi He
stressed that the security transfer of data within applications feature in the
EOS system iOS does not help and can not deal with or repel attacks that use
this loophole in the affected applications.
deployment of the security researcher group of affected applications are low
loophole names, including banking applications such as the application of the
Libyan safety Bank, and the application of First Bank branch in Puerto Rico,
and the application of Private 24 private Berivc Ukrainian bank, applications
for the talks, such as ooVoo and YeeCall and Mico, apply broadcast platform
neighborhood Loops Live.
applications affected are low loophole, awards CashApp applications, and
FreeMyApps and GiftSaga, and the application of the amendment to the video
VivaVideo, and an applied music Volify broadcast and Music tube, next to the
application of children's books Epic !, and application storage cloud Tencent
Cloud, and Internet application Cheetah browser.
affect low on applications such as VICE News for news, and the application of
forex trading platform Trading 212, and the application of bets AutoLotto
platform, and practical private networks default Private Browser and vpn
Free-OvpnSpide, next to the application of surveillance cameras Foscam and
apply read a subsidiary of ScanLife and disposable QR codes under control name
Code Scanner.And cause the gap to influence several other applications
targeting users snapchat, allowing access to private information these users
accounts, the Friends for Snapchat 1000 and Uploader for Snapchat and Safe Up
for Snapchat and Uploader Free for Snapchat and Snap Upload for Snapchat
influenced by Internet sites users, including communication networks, social,
some of the infected applications Vulnerability, which disclosed Stravi, including
Uconnect Access application that users account may be submitted to Internet
radio service "Banadora" to penetrate, and the application of
InstaRepost when used with Anstagram accounts.
Stravi put a period between two to three months to allow for application
developers that are affected are medium or high-risk Vulnerability issuing
security updates protects users before the announcement of the names of these
applications, which confirmed that the gap are complex and can not be resolved
by users or Apple and developers just can treat and fill them completely.