Great Motorola Edge deal on Amazon!

Report: Developers need to stop brute force attacks by limiting sign-in attempts

By Alan F.
4comments
iOS Android Apps
Report: Developers need to stop brute force attacks by limiting sign-in attempts
A report from security firm AppBugs says that developers of some of the most popular iOS and Android apps are leaving their subscribers vulnerable to getting their passwords hacked. The problem is that by not putting a limit on log-in attempts, hackers can use brute force attacks to discover users' passwords. These attacks take advantage of the lack of limits by using a computer to go through every possible combination until the correct password is found.

AppBugs found 53 mobile apps for iOS and Android that aren't protected from brute force attacks. This means that over 600 million iOS and Android users are at risk. Some of the popular apps that won't stop brute force attacks include iHeart Radio, Watch ESPN, Expedia, CNN, SoundCloud and Walmart just to name a few.  A study conducted on 70 million passwords found that depending on how strong a particular password is, using a brute force attack can net a hacker the correct password in 30 minutes to 24 days. But that is based on the use of one computer. Hackers usually employ multiple computers which results in some pretty scary figures.

If you are concerned about the apps you are using now, not using the app or uninstalling them will not help since your information remains on the app's server. According to AppBugs, you should disable any apps that are open to brute force attacks. You might have to contact the developer since there are different methods to disable each app. There is another thing that you can do, and that is to make your password harder to discover by using more than 20 characters to create it. That won't eliminate the threat from a brute force attack since your password can be eventually discovered anyway. But by using over 20 characters to create your password, you are buying some time since it will take longer for the correct combination to be found.

Recommended Stories
Ultimately, if enough consumers complain, developers might be concerned enough to limit the number of sign-in attempts, or use a two-step verification process that will prevent brute force from stealing passwords.

source: AppBug via RedmondPie

Recommended Stories

Loading Comments...

Popular stories

Even longtime T-Mobile customers will have to put up with slow internet speed policy
Even longtime T-Mobile customers will have to put up with slow internet speed policy
Two more companies want FCC action against T-Mobile for interference from 5G
Two more companies want FCC action against T-Mobile for interference from 5G
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
The 51 million customers affected by the AT&T data breach are getting free protection for 12 months
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
Make your Galaxy fingerprint scanner unlock faster as Samsung fixes what One UI 6.1 broke
iPhone users warned to disable iMessage temporarily to avoid getting hacked
iPhone users warned to disable iMessage temporarily to avoid getting hacked
T-Mobile will soon have another reason to gloat
T-Mobile will soon have another reason to gloat

Latest News

Verizon's Visible introduces annual plans with discounts up to 26%
Verizon's Visible introduces annual plans with discounts up to 26%
Comcast launches NOW, low-cost and prepaid brand for data, TV, and WiFi hotspots
Comcast launches NOW, low-cost and prepaid brand for data, TV, and WiFi hotspots
Apple tipped to reduce display size of iPhone 17 Plus
Apple tipped to reduce display size of iPhone 17 Plus
Google Photos working on an option to hide your downloaded memes and other UI tweaks
Google Photos working on an option to hide your downloaded memes and other UI tweaks
Hurry up and snatch Amazon's jumbo-sized Fire Max 11 tablet at its biggest discount yet
Hurry up and snatch Amazon's jumbo-sized Fire Max 11 tablet at its biggest discount yet
Memes of the week: Crazy Pixel leaks, OnePlus feels the heat in India, and more!
Memes of the week: Crazy Pixel leaks, OnePlus feels the heat in India, and more!
FCC OKs Cingular\'s purchase of AT&T Wireless