Beware of iOS app vulnerabilities when on WiFi

We know WiFi is insecure. When logging onto any open (often public and free) unencrypted WiFi, your data is there for all the snoopy snoopers to see and download for their own personal gain.

But now researchers have found a whole new hack for you to protect yourself from. When iPhone users launch an application, the app sometimes has all its data right there on the device. But more often, the app is talking to its home server, meaning it’s calling home, and will download what you need on demand. An example would be a weather application that is definitely getting all its data from the app’s home server, while a game might have everything it needs on the device.

Still, even in the case of the game, there still may be ads on the game, and those would be streamed to the app. Researchers discovered that there seems to be an issue within iOS that allows for hackers to manipulate the server address the app calls out to in a way that allows the attacker to change the URL address to one that serves up malicious links that would download to the iOS device.

Currently, it is not known if criminal hackers are using this exploit; there are no known reports. The hopes are that Apple will make a quick fix and patch this vulnerability before attackers latch onto it.

Meanwhile, you should only download applications from trusted sources such as Google Play or iTunes—and only use a secure wired or wireless connection when going online. A VPN such as Hotspot Shield VPN will protect users data from the snoopy snoopers…but until Apples fixes this issue, all users are vulnerable. 

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

More Like This

Comments

In order to comment on BlogHer.com, you'll need to be logged in. You'll be given the option to log in or create an account when you publish your comment. If you do not log in or create an account, your comment will not be displayed.