Researcher: iOS Apps Are Handling TLS Certificates Incorrectly

Tuesday Feb 7th 2017 by Developer.com Staff
Share:

Mobile development firms should double-check their use of encryption to make sure they are safeguarding user data.

Will Strafach, CEO of Sudo Security Group, says that he has found 76 iOS apps that are handling Transport Layer Security (TLS) certificates improperly, potentially allowing attackers to intercept user data. He says that some of the apps belong to "banks, medical providers, and other developers of sensitive applications." In all, the vulnerable apps have been downloaded 18 million times.

Apple requires mobile development firms to encrypt data using TLS, but Strafach says same apps are accepting invalid TLS certificates. Strafach is attempting to contact the developers involved in order to help them update their code. "Be extremely careful when inserting network-related code and changing application behaviors," he warned. "Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web."

View article

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved