Earlier this year, Will Strafach, chief executive at Sudo Security Group, set out to see which popular iPhone apps were vulnerable to man-in-the-middle attacks, which allow attackers to intercept data as it's being passed from a device to a server. The apps accepted any certificate to establish an encrypted connection. Not a good idea. It's been over three months and ZDNet reports that only two popular high-risk apps have been fixed. According to the report, "Several banking apps, including Emirates NBD and 21st Century Insurance are still vulnerable to having the customer's username and password intercepted if the apps were subject to a man-in-the-middle attack." The recommended action is to use your data plan instead of Wi-Fi or don't use the app at all.
E-mail: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology