Tuesday, April 21, 2015

1500 applications for iOS exposed to serious vulnerabilities

Last month, researchers reported the FREAK vulnerability in OpenSSL, the cryptographic package that implements the SSL / TLS protocols (Secure Sockets Layer / Transport Layer Security). The weakness was deliberately introduced in the 1990s by American software manufacturers that supplied their products abroad. It makes it possible to force an application to use 512-bit encryption keys instead of the 2048-bit keys used now. Such keys can then be cracked by running special software on public cloud services.
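
An added example (not from the original post or from SourceDNA): a small Python check that flags the downgrade described above in a summary of a TLS handshake as the client sees it. The function name, the finding labels and the sample handshakes are constructed for illustration, and the example goes slightly beyond the text by modelling the ServerKeyExchange message that carries the temporary RSA key.

```python
# Added example: offline audit of TLS handshake summaries for the FREAK downgrade.
# Suite IDs come from the TLS cipher suite registry; the handshakes are constructed.

RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
MIN_RSA_BITS = 2048  # key size the article gives as the one used now


def audit_handshake(offered, selected, temp_rsa_bits=None):
    """Return findings for one handshake (hypothetical helper).

    offered       -- cipher suite IDs the client sent in ClientHello
    selected      -- cipher suite ID the server chose in ServerHello
    temp_rsa_bits -- modulus size of a temporary RSA key received in
                     ServerKeyExchange, or None if none was sent
    """
    findings = []
    if any(suite in RSA_EXPORT_SUITES for suite in offered):
        findings.append("client-offers-export")
    if selected not in offered:
        findings.append("selected-not-offered")
    if selected in RSA_EXPORT_SUITES:
        findings.append("export-suite-negotiated")
    elif temp_rsa_bits is not None:
        # Only RSA_EXPORT suites may carry a temporary RSA key. A client that
        # accepts one under any other suite can be pushed onto a 512-bit key.
        findings.append("unexpected-temporary-rsa-key")
    if temp_rsa_bits is not None and temp_rsa_bits < MIN_RSA_BITS:
        findings.append("weak-rsa-key:%d" % temp_rsa_bits)
    return findings


# Constructed samples: (offered suites, selected suite, temporary RSA key bits)
SAMPLES = {
    "normal": ([0x002F, 0x0035], 0x002F, None),
    "downgraded": ([0x002F, 0x0035], 0x002F, 512),
    "legacy-client": ([0x002F, 0x0003], 0x0003, 512),
}

if __name__ == "__main__":
    for name, (offered, selected, bits) in SAMPLES.items():
        print(name, audit_handshake(offered, selected, bits))
```

A client library that rejects the "downgraded" case at the protocol level is not affected; the check is useful for reviewing handshake traces from applications that bundle their own TLS code.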

Apple has released a patch for its operating systems, but individual applications also need to be updated. The company SourceDNA analyzed the App Store catalog and found that around 1500 applications are vulnerable. Some of them use the standard OpenSSL library, others use their own version of it.
According to the researchers, the FREAK vulnerability threatens the security and privacy of mobile application users. It exists in applications in multiple categories, including finance, communication, shopping, business and medicine. For OpenSSL, this is not the first large-scale vulnerability found in the last year alone: before it came Heartbleed and POODLE.
SourceDNA has launched its own online service that lets you check applications for dangerous vulnerabilities. According to the researchers, mobile clients for banking and other financial transactions are attacked most often. Medical and office applications are also of particular interest to hackers. However, cybercriminals may also aim at "stealing" accounts on Facebook, VKontakte and other social networks.