Apple Inc. (NASDAQ:AAPL) – one of the most-popular stock plays by hedge funds we track – did not include certain security measures when it launched its App Store for consumers who access the marketplace over Wi-fi networks. But a huge vulnerability in the connection has prompted Apple to make some changes by adding encryption. While in itself that isn’t much news, it is all about timing in this case – the vulnerability was brought to Cupertino’s attention more than six months ago, and it’s possible that quite a few hijacks of App Store visitors’ connections may have occurred in the meantime.
Apple Inc. (NASDAQ:AAPL) so far has not commented as to why it took so long to fix this, but the vulnerability is pretty significant. It was discovered by a security researcher at Google Inc. (NASDAQ:GOOG) who noted this opening during his spare time, and it allows hackers to potentially hijack Wi-fi connections to the App Store, steal passwords and possibly install very expensive or unwanted applications, and compromised user privacy because the unencrypted connection revealed lists of downloaded applications on the connected device.
Attackers who are connected to the same public Wi-fi network as the device can install applications without consent, some of which list prices as high as $1,000 – which can be problematic for the device user, as Apple Inc. (NASDAQ:AAPL) has a policy to not offer refunds. Apple did post recently that it has changed the Wi-fi security connections by adding HTTPS by default to provide mobile encryption.
Elie Bursztein, who introduced the vulnerability to Apple Inc. (NASDAQ:AAPL) in July, said, “Many companies don’t realize that HTTPS is important for mobile apps,” he said. “Providing a concrete example seems a good way to attract developer attention to the issue.”
What are your thoughts about this vulnerability and what do you think this means or reflects on Apple Inc. (NASDAQ:AAPL)? We’d like your thoughts in the comments section below.
DISCLOSURE: I own no positions in any stock mentioned.
Please see these related AAPL articles: