Security has become a huge focus, especially for the mobile industry, but a new report from AppBugs, a resource for testing security features for apps, paints a large security concern for many popular apps.
According to the company, many of the most popular applications available to download from the App Store are lacking in password security, insofar as they allow users to try to input a password as many times as they would like, without any restrictions. More secure apps would have a certain amount of times that a log-in attempt could be tried, before the individual gets locked out, or, even better, a new password has to be created by the account owner.
AppBugs wanted to test the most popular apps, so they selected apps with only password-protected web accounts associated with them, and only chose apps that had been downloaded one millions times or more. They selected a total of 100 applications, and of those 53 of them were revealed to have the password vulnerability. Of those, they include Wanderlist, iHeartRadio, Songza, Slack, Kobo, SoundCloud, AutoCAD 360, Walmart, Expedia, WatchESPN, Dictionary, CNN, Pocket, and Zillow.
The security firm gave the developers 30 days to respond and fix the security issue. Of the listed apps above, according to the security firm, only Dictionary, Pocket, and Wunderlist have fixed it. AppBugs will publish the rest of the list on July 30.
A brute force attack, which these apps would be vulnerable to, recently made the news cycle when Apple’s own iCloud service was attacked, and a massive breach resulted in the leak of dozens of celebrity photos. It’s good that some companies have responded and fixed the problem, and considering the high-profile nature of these popular apps, one would imagine that the developers behind them would be quick to fix the security flaw.
Do you use any of these apps?
No comments:
Post a Comment