During an iPhone security testing process, Will Strafach, CEO of Sudo Security Group, found that dozens of iOS applications could expose users to silent interception data, while a total of 76 apps may contain data that can be intercepted and manipulated.
Strafach reported the most important findings in a recent Medium article. He wrote that the tested applications become vulnerable primarily when the iPhone is connected to Wi-Fi. It’s caused due to security hole “derived from networking-related code within iOS applications being misconfigured in a highly unfortunate manner.” Other key points include that 24 of the apps were medium risk, 19 of the apps were high risk, and 33 of the apps were low risk.
The 19 high risk applications are vulnerable to exposing financial information and access to medical login credentials. The 24 medium risk iOs applications are at risk of leaking service login credentials, while the remaining 33 low-risk iOs applications are vulnerable to exposing email addresses and login credentials.
Although Strafach decided not to post the current applications that place iPhone users at his risk (he listed past vulnerable applications were previously made public on his Medium story), he urged people to use cellular data only, even in a place that offers Wi-Fi. To ensure your phone is set to cellular data only, go to the iPhone “Settings” and make sure that the “Wi-Fi” switch is turned off. This should be prior to going anywhere that offers public Wi-Fi access. It’s much for difficult to hack an iPhone using cellular data.
He also wrote that the the “App Transport Security” feature offered by iOS “does not and cannot” block vulnerabilities.