Tons of popular apps can have their passwords cracked
According to AppBugs, many popular apps on iOS or Android are vulnerable to password cracking, including very big name apps such as Walmart, ESPN, Pocket, CNN, Slack, SoundCloud and others. AppBugs' testing suggests these apps are subject to brute force attacks. That means an attacker can make unlimited login attempts to a web service until the user's password is found.
AppBugs found 53 mobile apps (Android and iOS) that can be brute force attacked, which impacts nearly 600 million users. It doesn't take a hacker long to steal your password, either.
According to this study on 70 million passwords, user passwords typically contain 10-20 bits of security. This means that it only takes the attacker 1024-1048576 guesses (2^10 to 2^20) to find the correct one. Assuming the attacker makes login attempts to the vulnerable service 30 times per minute, it takes him half an hour to 24 days to guess a password, depending on the strength of the target password. This is a scary estimate. Attackers have no problem launching the attacks from multiple IP addresses on multiple user accounts in parallel and often can make guesses more than 30 times per minute. If today the attacker launches such an attack against most user accounts in parallel, he will be able to get most user passwords within 24 days.
As far as protecting yourself from these types of attacks, it's basically impossible. The attacks are at the server level, and only the company can decide whether or not they want to protect it. Even if you have one of the listed apps installed on your device and uninstall it, your login credentials are still stored on their server and can be cracked. AppBugs recommends disabling the account and contacting the developer of the app if you have any questions on doing so. If you love the app and still want to use it, remember to change your password to something over 20 characters. However, at the end of the day this will only slow down the hacker and not stop them. Two-factor authentication is also a good thing to have on, but AppBugs says most of the apps affected do not support it.
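The server-side control these apps are missing, sketched as an added example (not code from AppBugs or any of the listed apps): a login throttle keyed on the account name rather than the source IP, compared against the 30-guesses-per-minute scenario above. The class, function names and thresholds are assumptions chosen for illustration.

```python
# Added example: per-account login throttling. All names and thresholds are assumptions.
FREE_ATTEMPTS = 5    # failures tolerated before any delay (assumed)
BASE_DELAY = 1.0     # seconds; doubles with each further failure (assumed)
MAX_DELAY = 900.0    # cap of 15 minutes per failed attempt (assumed)


class AccountThrottle:
    """Tracks failed logins per account name, regardless of source IP."""

    def __init__(self):
        self.failures = {}   # account -> consecutive failed logins
        self.next_ok = {}    # account -> earliest time of the next attempt

    def delay_after(self, failures):
        if failures < FREE_ATTEMPTS:
            return 0.0
        # Cap the exponent so a long-running attack cannot overflow the float.
        steps = min(failures - FREE_ATTEMPTS, 32)
        return min(BASE_DELAY * 2 ** steps, MAX_DELAY)

    def allowed(self, account, now):
        return now >= self.next_ok.get(account, 0.0)

    def record(self, account, success, now):
        if success:  # a correct login clears the counters
            self.failures.pop(account, None)
            self.next_ok.pop(account, None)
            return
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        self.next_ok[account] = now + self.delay_after(count)


def unthrottled_seconds(guesses, per_minute=30):
    """The article's case: every guess is accepted at the attacker's pace."""
    return guesses * 60.0 / per_minute


def throttled_seconds(guesses, per_minute=30):
    """Time until the last of `guesses` wrong passwords is even accepted."""
    throttle, now, sent_at = AccountThrottle(), 0.0, 0.0
    for _ in range(guesses):
        now = max(now, throttle.next_ok.get("victim", 0.0))  # wait out the delay
        sent_at = now
        throttle.record("victim", False, now)
        now += 60.0 / per_minute
    return sent_at


if __name__ == "__main__":
    for bits in (10, 20):  # the 10-20 bit range quoted in the article
        n = 2 ** bits
        print(bits, unthrottled_seconds(n) / 86400, throttled_seconds(n) / 86400)
```

With these assumed settings, 1,024 guesses against one account take about 10.5 days instead of 34 minutes, and 2^20 guesses take about 30 years instead of 24 days, no matter how many IP addresses the guesses come from. A delay keyed only on the account name can also be triggered deliberately to slow the real owner's logins, so it is normally combined with other signals.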
Source: AppBugs