iPhone user data at risk from app vulnerabilities

Apple iPhone users’ personal data is at risk after a hacking exercise found vulnerabilities that allowed the device’s file system to be accessed through certain apps.

An ethical hacking exercise carried out on 10 file-sharing apps in iOS found that it was possible to hack into the iPhone’s file system and in one case upload and delete files from it.

Bruno Oliveira, senior security consultant at Trustwave, carried out the research on a number of apps, including Easy File Manager, WiFi HD Free, and FTPDrive, with others not able to be mentioned, according to ITWeb. He notes that although the vulnerabilities can easily be fixed, developers must do more to prevent problems before the app reaches the end user.

"The problem stems from a lack of experience from the application designers. Application designers should have penetration testing performed on their applications as part of the development process. Penetration testing helps identify security weaknesses within the applications so that developers can fix those weaknesses before they become available to the public,” Oliveira stated.

As far as businesses are concerned, Oliveira thinks they must make employees aware of the vulnerabilities that could be present in certain apps as these could put firms at the mercy of cyber criminals. In addition, companies should devise a security plan that will be able to continuously monitor and identify out of the ordinary activity on networks and applications as well as being able to isolate a mobile device from the network.

"Businesses should hold regular security awareness training for employees so that they can understand security best practices," Oliveira added.

Trustwave’s security experts have already found that there’s been a 400 per cent increase in mobile malware occurrences this year and Oliveira believes that app developers, not users, are the ones that have to make sure data breaches don’t occur.