Security News 76 Popular iOS Apps Vulnerable to Silent Interception of TLS-Encrypted Data

Solarquest

Experts from Sudo Security Group have discovered that at least 76 of the most popular iOS apps available through Apple's App Store have failed to properly implement TLS encryption and expose their users to silent MitM (Man-in-the-Middle) attacks.

Sudo Security researchers published yesterday a blog post that includes a list of 76 popular iOS apps and the content each one leaks via its TLS-encrypted traffic.

The list includes popular apps such as browsers, news apps, games, and many VPN and mobile banking apps.

Apps failed to secure HTTPS traffic the right way
Researchers say that these apps have followed Apple's ATS (App Transport Security) guidelines, which mandate they use HTTPS to handle sensitive data transfers between the app and the developer's server, even if Apple pushed back the ATS deadline indefinitely last fall.

Despite their efforts to secure traffic, Sudo experts say that app developers have not followed proper guidelines in validating and pinning HTTPS certificates.
....
....

Making matters worse is that these 76 apps account for a large chunk of the iOS userbase. According to app analytics platform Apptopia, the 76 iOS apps account for over 18 million installs.

...more in the link above
 

Wingman

Kaspersky Safe Browser and Citrix were two of them for 2016!? Can't wait to view the app list of the high vulnerabilities.
 
