Networking flaw opens ‘millions’ of iOS app users to data theft

According to a report from security firm SourceDNA, around 1,000 iOS apps are affected by a weakness in their mobile security, making it easy for attackers to access encrypted data like passwords, bank account numbers, and home addresses as they are being sent over the airwaves. Companies including Microsoft, Uber, and Yahoo all released apps affected by the flaw. They have now fixed them, but many others still have not updated their apps to a new secure version.

The code library, called AFNetworking, was revealed to have a flaw in its implementation of SSL, the web security technology that allows sensitive data to be exchanged over the net. The flaw was introduced in January and fixed in late March, but 1,000 apps are still running the vulnerable version. The affected apps all share the same code, which is available for free to help developers incorporate encryption into their programs.

An unknown number of apps running the vulnerable version will still be safe to use, however, since the flaw is only present if the app’s developers leave a specific setting unchanged from its default.

SourceDNA scanned all the free apps and the top 5,000 paid ones available on the iOS App Store to find apps that are still vulnerable. Out of the 1m-plus apps scanned, the firm found 100,000 which used AFNetworking; of those, 20,000 had been released since the vulnerability was introduced into the library.

“Our system then scanned those apps with the differential signatures to see which ones actually had the vulnerable code,” the company writes. “The results? 55% had the older but safe 2.5.0 code, 40% were not using the portion of the library that provides the SSL API, and 5% or about 1,000 apps had the flaw.

“Are these apps important? We compared them against our rank data and found some big players: Yahoo!, Microsoft, Uber, Citrix, etc. Microsoft, Uber, and Yahoo have since fixed their vulnerable apps, and users should update to the latest version, but Citrix, makers of a popular conference call software solution, remain vulnerable. It amazes us that an open-source library that introduced a security flaw for only six weeks exposed millions of users to attack.”

The company has created an online tool for developers to check if their own apps are vulnerable. Users can check whether they use an app that has been affected by entering the name of the app’s publisher.

The AFNetworking vulnerability makes it easy for an attacker to crack a type of encryption called SSL. This is best known to most users as the technology that secures e-commerce transactions, typically marked with a padlock symbol in the browser bar, but it is increasingly widely used to protect user privacy against all sorts of attackers, from government eavesdroppers to identity thieves.

Without SSL or similar encryption, internet traffic can be intercepted through a “man-in-the-middle” attack, where an attacker routes traffic through their own computers to alter or steal it. A typical attack scenario would be against a customer browsing free Wi-Fi in a coffee shop, but there’s little technical difference between that and the systematic surveillance practiced by Western intelligence agencies.

Like the OpenSSL Heartbleed bug before it, which catastrophically broke millions of servers worldwide, the flaw in AFNetworking could raise questions about the longstanding assumption that open-source software (where the source code is public and can be reused freely) is inherently more secure. Despite the 100,000 apps using AFNetworking, the bug still took more than a month to be discovered.