The app you downloaded on your phone a few days ago may be working well and, perhaps, solving an important problem for you. But that might land you in trouble too if developers of some apps do not respond quickly to patch critical secure sockets layer (SSL) vulnerabilities.
Intel Security has said any failure could adversely impact millions of mobile phone users. In the McAfee Labs Threats Report: February 2015, the firm said mobile app providers have been slow to address the most basic SSL vulnerabilities.
The Computer Emergency Response Team (CERT) at Carnegie Mellon University (the US) released a few months ago the list of mobile apps possessing this weakness, including apps with millions of downloads to their credit.
McAfee Labs tested the 25 most popular apps on CERT’s list of vulnerable mobile apps last month. It found that 18 still have not been patched despite public disclosure.
The Internet security solutions firm simulated man-in-the-middle (MITM) attacks that successfully intercepted information shared during supposedly secure SSL sessions. “The vulnerable data included usernames and passwords and in some instances, login credentials from social networks and other third-party services,” the report pointed out.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.