When it comes to app security, iOS is generally considered safer than Android. But that doesn’t mean all software on Apple’s system is without its vulnerabilities. Researchers at Sudo Security Group Inc. discovered that 76 applications in the iOS App Store were vulnerable to silent man-in-the-middle attacks.
In his blog post, Sudo CEO Will Strafach explains that the discovery was made through the firm’s verify.ly service, which bulk scans the binary code of applications in Apple’s App Store. The affected apps account for at least 18 million downloads.
The vulnerability is a result of the apps’ poorly implemented networking code, which accepts any certificate when establishing an encrypted connection. Attackers within close proximity of a vulnerable device could inject an invalid TLS certificate to intercept the user’s data. Strafach explains that the attacks could be carried out using either custom hardware or a modified smartphone, and he notes that Apple’s App Transport Security feature won’t block the certificate, because from its point of view the TLS connection is valid even when it’s not.
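The defect class described above, as an added Swift example that is not from the original post or from any of the affected apps: a URLSession delegate that hands back a credential for whatever certificate the server presents, beside one that only does so after the system’s trust evaluation passes. The class names are assumptions for illustration.

```swift
import Foundation

// BUGGY (the pattern behind the finding): every server certificate is accepted,
// so a self-signed or attacker-issued certificate completes the handshake.
// The connection is still TLS, which is why App Transport Security does not
// object; the trust decision was simply never made.
final class TrustEverythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // No evaluation of `trust` at all before vending a credential.
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}

// FIXED: run the platform's chain, expiry and hostname checks first and
// cancel the challenge if they fail. (If the app has no reason to implement
// this method, not implementing it gives the same default validation.)
final class VerifyingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        var error: CFError?
        // SecTrustEvaluateWithError (iOS 12+) returns false for any chain the
        // system would not trust, including one injected by an on-path attacker.
        if SecTrustEvaluateWithError(trust, &error) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Reviewing an app for this bug class means searching for delegate methods that call `.useCredential` with `URLCredential(trust:)` and checking whether any evaluation precedes the call.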
33 of the apps have been classed as low risk because the exposed data is only partially sensitive analytics data about the device. These include a number of third-party Snapchat applications, such as Uploader for Snapchat, as well as Vice News, several VPNs, and Trading 212 Forex & Stocks.
The remaining apps fall into the medium/high-risk category. Strafach has not published their names as he wants to reach out to the apps’ developers and companies first so they can address the problems. "Currently, this list is only available to limited parties due to sensitivity," he wrote. "I have been in touch with MITRE and will follow up later with a listing of the CVE IDs for affected iOS applications of which data interception would be considered medium risk or high risk."
Strafach recommends that iOS users switch off Wi-Fi when in public to avoid untrusted connections. While the vulnerability does still exist on cellular connections, interception is much more difficult and unlikely.