Back in February, we learned from a security researcher that various iOS apps can secretly leak login data and other personal information to hackers that know how iOS works, and how to take advantage of various flaws. Three months later, it looks like many of these apps, including mobile banking applications, have not been fixed.
Sudo Security Group Will Strafach explained that no less than 76 apps were susceptible to man-in-the-middle attacks, including banking and medical apps. Hackers could fool these apps into leaking a user’s login details, without the user knowing.
You’d think app developers would go ahead and fix their apps following the notice. It turns out some of them have done so, including HipChat and Foxit. But ZDNet reports that many others haven’t taken action.
minor update: more of these are fixed now, such as Atlassian HipChat for iOS (CVE-2017-8058) and Foxit PDF Reader for iOS (CVE-2017-8059) https://t.co/QO8aKXInGk
— Will Strafach (@chronic) April 23, 2017
The majority of the apps that can leak user data will still expose login info have not been fixed, including banking apps Emirates NBD, 21st Century Insurance, Think Mutual Bank, and Space Coast Credit Union, to name just a few.
Other apps including private web browser Dolphin Web Browser, blood glucose level Diabetes in Check, and an app that allows Indiana residents to vote are still affected by the hack.
There’s no indication anyone is abusing this iOS security flaw, but that’s not a good excuse for any app developer not to fix the issues. If you still have to use any of this apps, Strafach advises to avoid Wi-Fi networks and use your cellular plan instead.
Trending right now:
- Amazon just discounted the Echo for the first time in 2017
- Where to buy the fidget spinners everyone is going crazy over
- The Galaxy Note 8’s best new feature is supposedly coming early