Your IT Consultant

76 iOS Apps Vulnerable to Traffic Interception

February 8, 2017

Transport Layer Security (TLS) is the current method for protecting communications, which has superseded Secure Socket Layer (SSL). Researchers have discovered that dozens of iOS apps improperly accept invalid TLS certificates, which can allow hackers to eavesdrop on the encrypted communications using a man-in-the-middle (MiTM) attack. The list of apps can leak usernames, passwords, geolocation data and even keystrokes. Ars technica states that the problem only exists when you connect using an untrusted Wi-Fi network. "The one ray of sunshine for end-users is that man-in-the-middle attacks (other than those by state actors) are possible only when connected to the Internet via an untrusted Wi-Fi connection. If you're connected using cellular broadband or a trusted wireless network, man-in-the-middle attacks are highly unlikely—though attackers can use Wi-Fi network spoofing to fool a device into connecting to a malicious network, as Ars has demonstrated in the lab in the past."

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
http://www.senseient.com