German experts point out security flaw in apps with Twitter integration

Numerous applications (apps) for iPhone and iPad that include communication via Twitter have serious security problems, experts in Germany warned today.

Researchers at the Fraunhofer Institute for information technology security warned specifically against applications that contain the TwitterKit module for iOS 3.4.2, as their vulnerability can lead to identity theft, account abuse and data loss.

Among the 2,000 most used iOS applications in Germany, 45 are affected by this problem. The researchers did not want to name them so as not to violate the principle of “responsible disclosure.”

Under this process, the company affected by the security problem is informed first to give it time to resolve the issue, usually 60 days. After that time, the problem is made public.

The security flaw now discovered affects the interface with Twitter, which does not check the SSL encryption certificate correctly. As a result, attackers can insert themselves into the communication and view private data such as protected tweets or direct messages from that Twitter account, or even tweet on behalf of the user.

“Beyond that, you can attack any application that uses the TwitterKit to offer a login via Twitter,” experts said. Twitter, meanwhile, will not resolve this issue, as technical support for TwitterKit expired a year ago and iOS application developers have had alternatives for some time.

Source: dpa
