GO BACK TO BED. Today you can't even trust 76 popular apps on Apple's App Store because they are vulnerable to man-in-the-middle (MITM) attacks. This is the end of us, and the end of days. We are just broken by this; this is the final straw.
You know the iPhone? It brings so much joy to people. It is a portal to a world of exciting apps as well, and through its shiny screen awaits a world of opportunity. Or so we thought.
It turns out that there are more than fifty, but fewer than 100, popular apps on iOS that do not meet the kind of security standards or best practices that consumers who need to apply filters to photos of their cats need.
Don't blame us for the bad news. Thank Will Strafach, president of Sudo, a company that scans application code and offers a security assessment of it. The problem with these kinds of services is that slapdash outfits do not subscribe to them, and ultimately are exposed when they are promoted. This is where we find ourselves.
"During the testing process, I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion," said Strafach when he delivered his bad tidings.
"According to Apptopia estimates, there has been a combined total of more than 18,000,000 (Eighteen Million) downloads of app versions which are confirmed to be affected by this vulnerability."
18 million? We should have put that in the headline. Still, it is only an estimate. More immediate is the real threat of the vulnerability. Strafach let off a warning.
"There are many potential avenues along the network path for this vulnerability class to be exploited in order to intercept and/or manipulate data. While it is certainly possible for an ISP or a rogue WiFi provider to be the attacker, that is unlikely in most Western regions, and is not considered to be a serious risk," he said.
"With regards to this sort of man-in-the-middle attack, a common analogy makes a reference to using the WiFi connection within a coffee shop, or an airport, but lately I am starting to dislike the analogy as it is easy to misunderstand and minimise the perceived potential for attack. The truth of the matter is, this sort of attack can be conducted by any party within WiFi range of your device while it is in use."
There is a list of the vulnerable applications online. You should be grateful that we haven't split the whole thing out over 76 pages. µ