Security experts identify dozens of iPhone apps vulnerable to hacking, including banking, business apps



SECURITY experts have identified a new flaw in dozens of popular iPhone apps that could let hackers gain access to your sensitive data, including banking details.

Infosec expert Will Strafach has published a blog post warning that a scan of popular apps on the Apple App Store found 76 apps vulnerable to attack, with a “backdoor” that would allow a hacker to carry out “man-in-the-middle” attacks and access the data being sent from the phone to the cloud.

The blog post names 33 apps that are vulnerable to attack, including a banking app called FirstBank PR Mobile Banking and the Uconnect Access app that lets people locate their car and remotely unlock it.

The apps named in the blog post today are considered low risk, but Strafach warns there are 43 more apps at high or medium risk of being hacked, which will be named in a few weeks, after the app developers have been given the chance to fix the flaw.

Strafach said the security hole “is derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner”.

Several of the apps on the list released today are add-on apps for Snapchat users, including apps to upload photos and videos to Snapchat and apps for increasing Snapchat contacts. Another app, called Epic!, promises “unlimited books for kids”.

Mr Strafach said the type of flaw meant Apple was not able to issue a widespread fix, because addressing the problem in that way would make the apps more vulnerable to attack.


“The onus rests solely on app developers themselves to ensure their apps are not vulnerable,” he said.

The blog post contains the full list of apps named and shamed so far.

Mr Strafach says the bad design is mainly a problem when the phone is connected to a Wi-Fi network.

“If you are in a public location and need to perform a sensitive action on your mobile device (such as opening your bank app and checking your account balance), you can work around the issue by opening “Settings” and turning the “Wi-Fi” switch off prior to the sensitive action,” he said.

“While on a cellular connection the vulnerability does still exist, cellular interception is more difficult, requires expensive hardware, is far more noticeable, and it is quite illegal (within the United States).

“Therefore, it is much less plausible for an attacker to risk attempting to intercept a cellular data connection.”
