Man-in-the-middle attacks target mobile apps

With a large number of popular mobile apps recently listed as vulnerable to interception, why is security not a higher priority for app designers?


Mobile security should never be overlooked by app designers.

The developers of a mobile app analysis service recently released details of more than 70 popular mobile apps discovered to be vulnerable to silent interception.

While over 30 apps were listed by Sudo Security Group and classified as having a low level of vulnerability, the names of those in the mid-to-high vulnerability range are yet to be disclosed. This is to prevent would-be hackers from capitalising on the opportunity before the security issues are understood and fixed. 

As for the method of interception, the attack on an individual's privacy and mobile security comes in the form of a man-in-the-middle attack.

Over 70 popular mobile apps have recently been exposed as vulnerable to silent interception.

What is a man-in-the-middle attack?

A proxy is used to relay information between two parties. Proxies are commonly known in the form of Virtual Private Networks (VPNs) and are used by many individuals to access the internet while maintaining privacy and anonymity. A man-in-the-middle attack is essentially a malicious proxy that allows a cyberattacker to intercept and potentially alter the information between two parties.

Why are mobile apps at risk?

Weak security on mobile apps is unacceptable, given how often they are downloaded and the number of people who would potentially use them on unsecured or public Wi-Fi networks. In the release by Sudo Security Group, CEO Will Strafach details the extent of the threat:

"According to Apptopia estimates, there has been a combined total of more than 18,000,000 downloads of app versions which are confirmed to be affected by this vulnerability," he said. 

Data protection is vital when using public Wi-Fi.

The 33 apps in the low-risk segment offer a cyberattacker only partially sensitive analytics data about the device, email addresses and login credentials. Those in the higher bracket, however, could allow for the interception of personal, financial or medical service login credentials.

What can you do to protect your data?

The most common advice to prevent this type of attack is to refrain from using unsecured or public Wi-Fi. However, this is unreliable as an attack can still be orchestrated by anyone within Wi-Fi range of your device. The most secure way of protecting your communications and data transfers is to use a service that provides military-grade encryption of all information.

SafeSwiss applies military-grade encryption to all voice calls, text chat and digital data transfers on a number of systems including Android, iOS, Windows and MacOS. A unique key specific to the user's communication device is generated, and no copies of the key exist on any other devices or are stored on any server.

With SafeSwiss, your business stays your business.