UPDATED 23:17 EST / FEBRUARY 07 2017

Dozens of iPhone apps found to be vulnerable to data interception

Dozens of popular Apple Inc. iOS apps contain serious security flaws that make them vulnerable to data interception, security researchers at Verify.ly have discovered.

Some 76 apps, which included browser apps, news apps and various virtual private networking apps, were found to be open to a silent man-in-the-middle attack, a form of attack that allows a hacker to eavesdrop over a network and spy on the data the app sends.

Apps named as being vulnerable include Snap Upload for Snapchat, VICE News, Trading 212 Forex & Stocks, Private Browser, Cheetah Browser, and Code Scanner by ScanLife. The 76 apps are estimated to have been downloaded by users 18 million times. According to Verify.ly founder Will Strafach, 33 of the vulnerable apps are categorized as low-risk, while 24 are in the medium-risk group and 19 are high-risk.

Disturbingly, Strafach explained, all that a hacker needs to intercept data is a Wi-Fi connection. “The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use,” Strafach wrote. “This can be anywhere in public, or even within your home if an attacker can get within close range.”

Strafach added that Verify.ly’s system has shortlisted hundreds of other applications that are likely to have a similar vulnerability. Notably, this isn’t the first time iOS apps have been found to include this vulnerability. Apps for iOS including Kaspersky Safe Browser, Experian and Dell SecureWorks were previously found lacking in their security.

A fix to the apps is ultimately up to developers. But Strafach notes that users can do one simple thing to protect their data: turn off their Wi-Fi connections when in public, since data interception over a cell network is far more difficult for a hacker to undertake.

Photo: wrongdude/Flickr/CC by 2.0
