On October 29, 2013, the New York Times published an article written by Nicole Perlroth, titled “New Vulnerability Found in Apps Using Wi-Fi” (http://bits NULL.blogs NULL.nytimes NULL.com/2013/10/29/new-vulnerability-found-in-apps-using-wi-fi/?ref=technology&_r=0). This finding ought to add a heightened level of risk to activities average consumers consider for their online communications needs.
This vulnerability is specifically linked to the iOS O/S, and Apps built for it. There isn’t much new about the technical objective behind this exploitation method. It amounts to another attempt to insert a “man in the middle”, between App users and their data sources and servers. If successful, this exploit can masquerade as a legitimate data source. If successful, this exploit can be used to serve erroneous, misleading information to users engaged in financial transactions — like stock trading — with potentially disastrous results.
Hopefully the revelation of this new serious risk will prod App consumers to put the breaks on some online activities actually fraught with very dangerous risks. Further, whereever possible, App consumers should use a hard wired connection to the network. This is not to say a hired wired connection is inherently more secure than a wireless one, but the extent of risk is more limited and, of most importance, more manageable.
One would also hope Apple would take steps in the aftermath of these findings to quickly contribute to a method of patching this vulnerability. While the Wi-Fi protocol is a data communications standard maintained by the IEEE, it, nonetheless, can plague any/all manufacturers building solutions around it, should vulnerabilities like this one arise. One would imagine Apple will move very quickly to repair this issue.
The upside, if there is any to be found here, lies in an opportunity for resurgence of interest in a multi-protocol networking environment. Certainly, in a world where there were more options for mass market consumption of data services offered with dissimilar protocols, users would have an added layer of security to depend upon.
Ira Michael Blonder (https://plus NULL.google NULL.com/108970003169613491972/posts?tab=XX?rel=author)
© IMB Enterprises, Inc. & Ira Michael Blonder, 2013 All Rights Reserved