After analyzing application binaries through the verify.ly platform developed by Will Strafach, it was discovered that at least 76 very popular applications do not guarantee the security of user data. One of these apps is PayPal. The findings were also published in a Medium post by Sudo Security Group CEO Will Strafach, who revealed that the apps failed to make use of the TLS protocol. In all, the 76 applications are only part of a “blacklist” concerning data security. These apps are organized into three categories: low, medium, and high risk. The author of the study did not disclose the names of all the vulnerable apps but highlighted some of them, such as PayPal, Kaspersky Safe Browser and Dell SecureWorks. Another curious fact is that these apps have already been downloaded more than 18 million times from the Apple App Store.
Some apps with low risk
ooVoo – Free Video Call, Text and Voice
VivaVideo
Snap Upload for Snapchat
Uconnect Access
Volify
Medium and High-Risk Apps
Experian
Dell SecureWorks
Cisco WebEx
PayPal
myFICO
Kaspersky Safe Browser
But what is the problem with these apps? When the network protocols were created, nobody could have imagined that they would grow into the giant world that the Internet is today. Security was not a concern at first; security protocols were created and adopted later to ensure the confidentiality and integrity of communications. SSL, developed by Netscape, was one of those protocols; it was later standardized by the IETF and given the designation Transport Layer Security (TLS). In practice, SSL / TLS secures TCP connections by offering a set of security mechanisms.
The security issue with most of these applications lies precisely in their handling of the SSL / TLS protocol, which, when used correctly, guarantees the authenticity, confidentiality, and integrity of messages exchanged between client and server. Without this protection, communications become vulnerable, since it becomes possible to eavesdrop on them through so-called man-in-the-middle attacks. The blame seems to lie with the programmers, who have produced code that allows the TLS protocol to accept invalid digital certificates. So, for now, we strongly recommend that you do not use any of the mentioned applications on public Wi-Fi hotspots, simply to preserve your security and privacy.
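To make the root cause concrete, here is an added example (not code from the article or from any of the apps it names) written in Python, since the flawed pattern is the same whatever language the app is written in: a TLS client configuration that accepts any certificate, next to the hardened form, and a small audit function a reviewer can run over a client's SSL context to flag the weak settings. The function names and the audit rules are this example's own assumptions.

```python
import socket
import ssl

# The weak configuration: verification is switched off, so any certificate,
# including one forged by a man-in-the-middle on a public Wi-Fi hotspot,
# is accepted and the "encrypted" connection can be read by the attacker.
def insecure_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # do not check the name in the certificate
    ctx.verify_mode = ssl.CERT_NONE     # do not validate the certificate chain at all
    return ctx

# The hardened configuration: chain validation against the system trust store,
# hostname matching, and no legacy protocol versions.
def hardened_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Audit helper (assumed name): returns a list of findings for a given context.
# An empty list means none of the three weak settings is present.
def audit_context(ctx: ssl.SSLContext) -> list:
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain verification disabled (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions allowed (minimum_version < TLSv1.2)")
    return findings

# Where the context is used: with hardened_context(), a forged or self-signed
# certificate makes wrap_socket() raise ssl.SSLCertVerificationError instead of
# silently connecting. Requires network access; not called by the offline checks.
def tls_connect(ctx: ssl.SSLContext, host: str, port: int = 443) -> dict:
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(name, "->", audit_context(ctx) or ["no weak settings found"])
```

The audit only inspects configuration; the decisive runtime check is that `tls_connect(hardened_context(), host)` refuses a certificate not chained to a trusted root, which is exactly the behaviour the affected apps had disabled.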