Security Flaw Discovered In iOS Apps
There have been relatively few true threats to the security of iPhones compared to the amount of malware being produced for Android. A serious threat has recently emerged, however. Antone Gonsalves, of Network World, reports that a team of security experts uncovered a vulnerability in a large number of iOS apps. The flaw allows for a third party to intercept data and then send their own directly onto a user’s device.
The team is calling it “HTTP Request Hacking” because it allows hackers to intercept HTTP traffic between the app and server. The hacker can then tell the app to retrieve data from a different server, which usually involves putting malicious links on your iPhone and iPad. This method is particularly effective for news apps because the hackers can put fake links in the news stories, which cause malware to be downloaded when clicked.
Once a hacker gains control of the app, they can continue to send whatever data they want until the app is updated to close the security gap, or removed completely.
There is such a large number of affected apps that the security team couldn’t contact all of them directly. Instead, they opted to spread the word through the media. The vulnerability only affects apps using an HTTP connection. Most high quality apps use the more secure HTTPS connection.
There’s code available to fix the problem, but it’s much easier to just remove the app. If it’s using an HTTP connection, you probably shouldn’t be using it anyway.
This particular security flaw was specifically found for iOS and while it hasn’t been tested on Android, security experts note that it’s likely that would affect those users as well.
If you believe you have malware infecting any of your devices, come by or contact Geek Rescue at 918-369-4335. We will fix your phone, tablet or computer and help make sure you’re prepared for the next malware attack.October 31st, 2013