A security expert has identified a ‘backdoor’ for hackers to attack your iPhone through dozens of popular apps. Will Strafach, CEO of Sudo Security Group, warned that many iOS apps were at risk of silent interception of data that should otherwise be protected.
The vulnerability is exposed when users send data from their iPhone to the cloud via Wi-Fi. Apps identified to be at risk include banking apps, messenger apps and music apps, among others, with the security of financial information and medical details known to be compromised.
Mr Strafach said the security hole ‘is derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner’ and that, due to the type of flaw, Apple would make other apps more vulnerable to attacks if it were to issue a widespread fix. There is therefore little Apple can do to address the problem, and the onus falls on the app developers themselves to ensure their apps are not at risk of being hacked.
The vulnerability is exposed mainly when the user’s phone is connected to Wi-Fi, so it is best to avoid public Wi-Fi wherever possible. If you are in a public area and need to access sensitive information such as banking apps or online accounts, switch your Wi-Fi off and use your cellular data instead.
In a previous blog, we talked about whether ‘Location tracking’ was putting you at risk and suggested some tips on how to protect yourself. Some of these are relevant to this situation and will help you keep your iPhone and your personal information safe:
- Avoid using unencrypted public Wi-Fi where possible. Fake Wi-Fi networks can be designed to look like the real thing, but they’re actually operated by hackers. Connecting to these networks can allow hackers to intercept emails, texts or calls, or direct you to places on the web where they can obtain sensitive passwords and other information.
- Delete all the apps you don’t use
- Disable permissions that the apps don’t require in order to function
- Read privacy policies closely
- Check where companies are based; if they are in malware hotspots, consider whether having the app is worth its potential risks
- Make sure you have a lock on your phone so that no one can download an app without your knowledge
For a full list of apps confirmed to be vulnerable, visit Mr Strafach’s blog post.