ID: IRCNE2013122034
Date: 2013-12-04
According to “InternetNews”, Bruno Goncalves de Oliveira, senior security consultant at Trustwave, explained that he conducted research into a number of Apple iOS file sharing apps that are commonly used by Apple iPhone and iPad users as an easy way to share pictures, documents and other types of content.
With a file sharing app, the user is essentially opening up the iOS device to accept inbound connections from other users, enabling access to content. The problem, according to Oliveria, is that many of the file sharing apps include a Web server component, which typically is not properly secured.
"So the user starts the file sharing application, which then starts a Web server on the device," Oliveira said. "Anyone can then upload and share files."
Oliveira added that the apps he surveyed lacked basic security features such as encryption and user authentication, which either were not present at all or not enabled by default. All modern Web transactions can and should be secured by Secure Sockets Layer (SSL) encryption, which is what the mobile file sharing apps that Oliveira analyzed were missing.
Going a step further, many of the surveyed apps did not require any form of user authentication by default. As such, anyone who can find the device on the network can get access to the file sharing app.
- 2