Banking and medical data can be stolen or altered in numerous iPhone apps available in Apple's App Store.
(CCM) — Data from 76 popular iPhone apps can be intercepted and altered while it travels over a supposedly secure "https" internet connection using what is known as a man-in-the-middle attack, according to a blog post by mobile security expert Will Strafach. The vulnerable apps have been downloaded a total of more than 18 million times, according to Apptopia estimates. In 19 of the apps the vulnerability was deemed to represent a high security risk because it gives malicious hackers the ability to intercept financial or medical service login credentials and other information needed for users to log in.
Strafach explained that in many circumstances it is easy to launch a man-in-the-middle attack against an iPhone user running one of these apps. "The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use," he said. "This can be anywhere in public, or even within your home if an attacker can get within close range." He added that an attack can be conducted using either custom hardware or a modified mobile phone, depending on the required range and capabilities. A list of the high-risk apps will be published within 60-90 days, providing time for the affected banks, medical providers, and other organizations to fix them.
Image: © 360b - Shutterstock.com