Security online is never a simple thing to get right, but there are some things that developers can do to try to limit the exposure of both themselves and their users. Unfortunately, according to a new report, some of the biggest apps on both iOS and Android are leaving their users potentially open to problems.
The new problem, discovered by security experts AppBugs, stems from the fact that some of the mobile world’s biggest apps don’t limit the number of sign-in attempts that can be completed, meaning hackers can run through massive numbers of potential passwords when trying to gain unauthorised access to an account. Best practice is to limit the number of attempts when inputting an incorrect password in order to prevent brute force attacks, but with that approach meaning accounts can get locked out during an attack, some developers choose not to implement such security features.
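The trade-off described above (limit guesses, but do not let an attacker lock the real user out) can be handled with a progressive cool-down rather than a hard lockout. The following is an added example, not code from AppBugs or from any of the apps named; the key format, thresholds and the 1000-guess scenario are constructed assumptions.

```python
class LoginAttemptLimiter:
    """Throttle failed sign-ins per key (e.g. account + client address).

    A hard lockout lets anyone who knows a username lock out its real owner,
    the drawback the article mentions. Here, after `free_attempts` failures
    each further failure adds a cool-down that doubles, capped at `max_delay`.
    A success, or `forget_after` seconds of quiet, clears the count.
    Callers pass the current time (e.g. time.monotonic()) so this is testable.
    """

    def __init__(self, free_attempts=5, base_delay=30, max_delay=3600,
                 forget_after=3600):
        self.free_attempts, self.base_delay = free_attempts, base_delay
        self.max_delay, self.forget_after = max_delay, forget_after
        self._state = {}  # key -> [failures, last_failure_at, blocked_until]

    def check(self, key, now):
        """Return (allowed, seconds_to_wait) before a sign-in is processed."""
        until = self._state.get(key, [0, 0.0, 0.0])[2]
        return (True, 0.0) if now >= until else (False, until - now)

    def record_failure(self, key, now):
        """Note a wrong password; return the cool-down applied (0 if none)."""
        count, last, _ = self._state.get(key, [0, now, 0.0])
        count = count + 1 if now - last <= self.forget_after else 1
        delay = 0.0
        if count > self.free_attempts:
            delay = min(self.base_delay * 2 ** (count - self.free_attempts - 1),
                        self.max_delay)
        self._state[key] = [count, now, now + delay]
        return delay

    def record_success(self, key):
        """A correct password clears the record for that key."""
        self._state.pop(key, None)


def guesses_evaluated(attempts, spacing, limiter=None, key="alice@10.0.0.1"):
    """Constructed scenario: `attempts` wrong guesses `spacing` seconds apart.
    Returns how many the server actually checked against the stored password."""
    limiter = limiter or LoginAttemptLimiter()
    evaluated = 0
    for i in range(attempts):
        now = i * spacing
        if limiter.check(key, now)[0]:
            evaluated += 1
            limiter.record_failure(key, now)
    return evaluated
```

With the defaults, 1000 guesses one second apart get only 11 evaluated, while an unlimited app (the situation the report describes) would check all 1000; the real user is never locked out for good, only delayed.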
It’s the lack of controls over the number of attempted logins that is believed to have been behind last year’s iCloud security breach which saw some celebrities have their private photos stolen and then distributed online, and while Apple has since stepped up its own security, not everyone has followed suit.
After initially discovering the security flaw and giving developers 90 days to put it right, AppBugs has now outed some of the apps it has concerns about, with big names such as CNN, ESPN, Slack and SoundCloud all vulnerable, as are Walmart and Domino’s Pizza. Wunderlist and Dictionary were found to be affected, though those apps have since been updated to remove the flaw.
Rate limiting the number of log-in attempts may have some drawbacks, but those are outweighed by the problems caused by compromised accounts. AppBugs will be hoping that the added spotlight created by outing the apps will see them receive updates sooner rather than later, and we can only hope that as well, before someone takes advantage of the problem.