Number:IRCNE2014042156
Date: 2014-04-12
According to “computerworld”, Android and IOS mobile applications are just as vulnerable to the Heartbleed bug as websites are, security vendor Trend Micro warned in a blog post on Thursday.
Because of the threat, consumers should avoid making in-app purchases via their mobile devices until permanent fixes are available for Heartbleed, the company said.
According to Trend Micro, a scan of about 390,000 applications on Google Play uncovered about 1,300 apps that connect to servers vulnerable to Heartbleed.
Among those at risk are more than a dozen banking apps, about 40 payment apps and 10 online shopping apps.
The company said it also found several popular apps to be vulnerable. because they connect to servers likely compromised.
"We also found several popular apps that many users would use on a daily basis, like instant messaging apps, health care apps, keyboard input apps -- and most concerning, even mobile payment apps," Trend Micro said. "These apps use sensitive personal and financial information."
JD Sherry, vice president of technology and solutions at Trend Micro, said the company did not perform a similar scan of applications available via Apple Store. But there is no doubt many of them are also at risk, he said.
Even applications that do not support in-app purchases are at risk if the application connects to an online server that is vulnerable. "For example, your app could ask you to 'like' them on a social network, or 'follow' them on yet another for free rewards'' and eventually lead users to a vulnerable server.
- 5