Three Security Vulnerabilities For iPhone Users
Recently, we’ve concentrated on the various threats associated with Android devices and their users. But there are security threats for Apple device users to concern themselves with also. With more than 300-million active iPhones in use today, Apple products make an attractive target for cyber criminals. At the Bullguard blog, Steve Bell revealed three of the most troubling security vulnerabilities associated with iPhones. These vulnerabilities come from studies focusing on banking apps specifically, but also suggest other potential security flaws in other downloaded apps.
- SSL Certificates
In order to secure connections between a web server and a browser, SSL certificates are used. These are small data files that contain a cryptographic key protecting the information being transmitted. This presents man in the middle attacks because if the data is intercepted without the proper key, it will remain encrypted. About 40-percent of the banking apps examined failed to validate the authenticity of SSL certificates used during transactions. That means any criminal who is able to intercept the data being transferred would be able to steal it and read it. Considering what type of valuable information you would commonly transmit using a banking app, that’s extremely troubling.
- JavaScript Injections
Half of the apps studied were found to be vulnerable to JavaScript injections, which are able to inject JavaScript code into websites. This particular vulnerability exists in a Safari component that allows for web content to be embedded into apps. Through this vulnerability, attackers would be able to send text messages and make phone calls from your iPhone.
- Unprotected Links
Many apps contain links that take users out of the app and onto the open web. These links can cause problems of their own if not properly implemented. In this study, nine out of ten of the banking apps contained non-SSL links to otherwise legitimate and trusted websites. Without the protection of encryption, however, these links are incredibly vulnerable to attacks. Data transmitted after following those links could be intercepted and criminals could even reroute users to a spoofed site in order to steal log-in credentials.
Apple’s iOS is considered a well-crafted, essentially secure environment, but vulnerabilities still exist with the introduction of apps. Though these apps may be found in the official App Store, they can still contain flaws that compromise your entire iPhone’s security.
If your having issues with your iPhone, or any of your devices, bring them to Geek Rescue or call us at 918-369-4335.
January 24th, 2014