Connect with us

Cybersecurity

Over 20,000 iOS Apps Vulnerable Due to Old SSL Flaw

Published

on

A firm that audits mobile apps in the Apple App Store and the Google Play Store made an interesting discovery last week: roughly 25,000 iOS applications are still using an old version of the AFNetworking library, which means they are vulnerable to well-known exploits in the SSL protocol that have since been fixed in an update of AFNetworking.

Programming is hard work, and occasionally when a core library is updated, it can take integral changes to change an application in order to comply with the new library. According to SourceDNA, a firm which runs various metrics including vulnerability and stability on the entirety of the iOS app store, updating the library was not enough to plug the holes, and now as many as 25,000 apps remain open to snooping, their SSL implementations being outdated and flawed.

Also read: Ning Doesn’t Believe in HTTPS: Major Vulnerability for 50 Cent’s Social Network

The biggest implication for users of these apps is that someone on the same network easily view data being transmitted to and from the phone. If they’re out at a coffee shop or anywhere else and using the free Wi-Fi, that is, they could have sensitive data stolen. Many apps, after all, require credit card information in order to make purchases.

Not the First AFNetworking Bug

68747470733a2f2f7261772e6769746875622e636f6d2f41464e6574776f726b696e672f41464e6574776f726b696e672f6173736574732f61666e6574776f726b696e672d6c6f676f2e706e67

Version 2.5.1 of AFNetworking had an equally disturbing flaw, where self-signed SSL certificates were considered valid. That could have led to all kinds of problems. The version was updated after six weeks, a long period in the hacking world. Since then, SourceDNA has been watching AFNetworking closely, hence the discovery of the new flaw, which had created a situation where domain name validation was off by default. According to the firm:

Domain name validation could be enabled by the validatesDomainName flag, but it was off by default. It was only enabled when certificate pinning was turned on, something too few developers are using. […] This meant that a coffee shop attacker could still eavesdrop on private data or grab control of any SSL session between the app and the Internet. Because the domain name wasn’t checked, all they needed was a valid SSL certificate for any web server, something you can buy for $50.

Since this flaw is specifically in AFNetworking, it specifically only affects users of OSX and iOS apps built using it. It seems that the library is more often utilized by mobile developers than desktop developers. According to SourceDNA, 25,000 apps which use AFNetworking have yet to upgrade from 2.5.2, which fixed the previous vulnerability, to 2.5.3, which fixes the more current pressing flaw. The firm recommends that any developer who is using AFNetworking update immediately to the latest version, but their urging will only yield so many results.

There are, for instance, abandoned apps likely enough on that list of 25,000, apps that no longer see any development. There are apps that are lower priority to the developers, as well. Which makes it up to the App Store how long they’ll give developers to update the software before the apps are temporarily pulled from the repository. Hacked will monitor the situation and continue reporting on it.

Featured image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 2 rated postsP. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link




Feedback or Requests?

Click to comment

You must be logged in to post a comment Login

Leave a Reply

Altcoins

Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update

Published

on

  • Monero’s navitve token XMR is forced to breach a key area of support by the market bears.
  • XMR/USD was being support by an ascending trend line, running from 14th August.
  • The Monero foundation is scheduled for a routine network upgrade.

Monero Network Update

The Monero foundation is scheduled to update its network on 18th October, as a result this will be bringing a new hard fork to its token. They have been making it a routine process now, hard forking every six months. Their focus being on the likes of increased ring-size for more privacy, with large transactions and tweaking their proof of work algorithm.

In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm. Ultimately, to make it resistant and curb the threat of ASIC mining. Developers at Monero will be implementing the new Bulletproofs protocol. This will see greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%.

Technical Review – Daily Chart

XMR/USD daily chart

XMR/USD slipped out to the downside from an ascending trend line. As a result, the market bears managed to push for a breach and daily close below on 7th October. The support had been running since 14th August, where the price hit a low of $76.739.  A retest has been seen and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. Furthermore, the next major downside support is observed in a chunky demand area. This is seen tracking from $86 down to $76. Resistance will now be eyed at $116.550 area, underneath the breached ascending trend line. In proximity to the 100DMA, which may cause some difficulty for the bulls. Elsewhere, further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150.

Technical Review – 4-hour Chart

XMR/USD 4-hour chart

Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near-term, because from looking at the 4-hour chart view, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now.  The lower part of the mentioned range has proven to see some near-term support. Therefore, the protection has been observed from around $112 to the high $111 territory. Although, a breach of this area could see a fast fall back down to sub $100, last traded below here on 12th September. While further downside pressure could force a retreat back down to a firm demand zone. Eyes would be on $86-77 range for buying.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 5 (2 votes, average: 3.50 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 29 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Altcoins

Monero Price Analysis: XMR/USD Bulls Cooking Up Big Potential Moves

Published

on

  • XMR/USD price action surprisingly this week has been generally muted.
  • Current price behavior looks more favorable to see upside surprises, rather than any heavy selling pressure.

The Monero price this trading week has been somewhat muted. This comes as quite a surprise given the recent updates from the foundation. The foundation introduced the Maleware Workgroup, a huge step in efforts to protect the Monero community. Elsewhere, the foundation was also finally able to patch the ongoing ‘burning bug’ issue, which was proving to be a big problem. Full details of both developments posted in previous Monero article.

Near-term Analysis (60-Minute Chart)

XMR/USD 60-minute chart

Looking at the 60-minute chart for XMR/USD, it is very much clear to see how tight the trading range is. The vast majority of price action, aside from a couple of spikes here and there, has been swinging between $117 down to $111. This behavior has been observed since the bull run seen on 19th September, which was then paired after 23rd September fall.

Daily Chart View

XMR/USD daily chart

Price action is being supported by an ascending trend line on the daily chart. This has been running from 13th August, proving its strength. XMR/USD is currently stuck in between the 100DMA ($116.795), which is seen above, and the 50DMA ($110.877) below.  The price has seen a bounce on several occasions in September, off the trend line.

Next Move for Monero

The above-mentioned tracking ascending trend line is going to be vital in Monero’s recovery. Market bulls will need comfort, in case of another failed break down of above chunky supply area. This is seen tracking from $140-$150. There were several occasions in July and one in September, where the bulls failed to break this down. On each time the price has come into contact with this territory, it has been hit pretty hard by the sellers.

XMR/USD daily view

A breakout to the upside from the mentioned supply, could see a fast move towards $170, where some resistance can be seen. The price most recently found difficulty within this area at the early part of June. Enough bullish momentum should see it clear this territory, with $200 being reclaimed to the upside. XMR/USD was last trading above $200 back on 21st May.

Looking to the downside, a breach in the ascending trend line to the downside, could be catastrophic. Sellers would likely pile in with a high amount of volatility, sending the price down to sub-$100. The next chunky demand area is seen down within the $90-75 range. XMR/USD traded within this zone on 14th August, where the market managed receive a firm bounce.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 29 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Altcoins

Crypto Market Development: South Korea’s National Policy Committee Chair Calls For ICO Legalization

Published

on

  • A member of South Korea’s governing Democratic party and the chairman of Korea’s National Policy Committee, Min Byung-Doo, is urging to ease the current regulations on Initial Coin Offerings (ICOs).
  • Min Byung-Doo wants to introduce necessary regulatory framework, allowing ICOs in the country.

Allow ICOs In South Korea

The South Korean National Policy Committee Chief, Min Byung-Doo, is calling for a regulatory framework to be explored. This would be to allow for Initial Coin Offerings (ICOs) to take place within the country. He stated that the current prohibiting of ICOs weakens the industry’s competitiveness appeal with foreign markets. Further boldly adding, this would be preventing growth.

In his statement at to lawmakers, Byung-Doo said, “We can see that the flow of investment is clearly changing compared to ICO and angel fundraising. The ICO has raised $1.7 billion for Telegram and $4 billion for Block.One, it is getting bigger and bigger.”

Further in the statement, Min Byung-Doo said, “Let the government, the National Assembly and the blockchain association quickly create a working group to block fraud, speculation, money laundering and develop the block-chain industry,”. However, he acknowledged the government’s reluctance to create the needed framework.

In September 2017, the Financial Services Commission in South Korea announced a ban on ICOs. The law has not yet been enacted.

Crypto Market Reaction

A lack of reaction has been observed for now, despite this determination to help further legitimize the digital currency market in South Korea. Crypto market developments in the country are always watched very carefully. This is given their large crypto market participation. It was reported in December 2017 that South Korea accounted for as much as 17% of all Ethereum trades occurring in cryptocurrency markets.

Market Reactions To South Korean Related News

Ripple (XRP) crashed in January, following CoinMarketCap’s decision to remove XRP price data from Korean exchange desks. This as a result largely brought down the total average.

XRP/USD Coinmarketcap update triggered drop

On 11th January, Korean crypto exchange Coinrail was hacked, and over $40 million in tokens were stolen. Bitcoin initially dropped over 11% on this.

BTC/USD Coinrail hack triggered drop

One final example, UPbit, a South Korean exchange, was investigated by authorities for illicitly moving customer funds to the account of its executives. Bitcoin initially dropped over 7% on the news.

BTC/USD UPbit investigation triggered drop

Given the above mentioned, one should keep an eye on any developments coming out of South Korea, for the foreseeable future.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 29 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending