HackDig : Dig high-quality web security articles for hacker

Thousands of Android & iOS Apps Still Vulnerable to FREAK Flaw

2015-03-19 23:50

 

A recent study found that more than 2,000 apps in the Apple App Store and Google Play Store are still vulnerable to FREAK – a widespread security flaw discovered earlier this month.

Attackers exploiting the vulnerability can intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which can then be broken or manipulated to steal sensitive data.

The analysis scanned nearly 11,000 of the most popular Android apps on Google Play, which together account for 6.3 billion downloads, and found that 1,228 used a vulnerable OpenSSL library to connect to vulnerable HTTPS servers.

On a less severe scale, 771 (or 5.5 percent) of the 14,000 iOS apps scanned connected to vulnerable HTTPS servers.

“FREAK is both a platform vulnerability and an app vulnerability, since both iOS and Android apps may contain vulnerable versions of the OpenSSL library themselves,” explained the group of security researchers.

The researchers note that even when vendors rolled out updates to patch the bug, such as Apple’s iOS 8.2 release on March 9, apps connecting to servers that accept RSA_EXPORT cipher suites are still left unsecured.

“As an example, an attacker can use a FREAK attack against a popular shopping app to steal a user’s login credentials and credit card information,” explained the researchers.

Other apps fall into security- and privacy-sensitive categories, including medical tracking, productivity, finance, and photo and video.

The security company did not disclose which apps in particular remained vulnerable.

“Mobile apps have become important frontends and valuable targets for attackers. We encourage app developers and website admins to fix this issue as soon as possible,” said the researchers.
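For admins checking the server-side condition described above (a server that still accepts RSA_EXPORT cipher suites), here is an added example, not part of the original article or the researchers' tooling. It classifies a captured server reply to a test ClientHello that offered only RSA_EXPORT suites; the audit setup, function names and sample records are assumptions constructed for illustration.

```python
import struct

# RSA_EXPORT suite IDs as assigned in the IANA TLS cipher suite registry.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def classify_response(record: bytes) -> str:
    """Classify the first TLS record a server returned to a test ClientHello
    that offered only RSA_EXPORT suites (assumed audit setup)."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if len(body) != rlen:
        raise ValueError("truncated TLS record body")
    if ctype == 0x15:  # alert record: the server rejected the export-only offer
        return "refused"
    if ctype != 0x16 or rlen < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:  # server_version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[off:off + 2], "big")
    name = RSA_EXPORT_SUITES.get(suite)
    return f"accepts {name}" if name else f"selected non-export suite 0x{suite:04x}"

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample: TLS 1.0 ServerHello with an all-zero random."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))  # suite + null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed sample: fatal handshake_failure alert (level 2, description 40).
ALERT_HANDSHAKE_FAILURE = b"\x15\x03\x01\x00\x02\x02\x28"

if __name__ == "__main__":
    for reply in (build_server_hello(0x0003), build_server_hello(0x002F),
                  ALERT_HANDSHAKE_FAILURE):
        print(classify_response(reply))
```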

 


Source: feedproxy.google.com/~r/tripwire-state-of-security/~3/918dQnPZuzg/
