Skip to main content
DEAL WATCH: Keurig K-Express | 22% off $69.99

Keurig has changed the face of coffee, and snagging one of these for less than $70 is a solid deal. Read Review

BUY NOW
Smartphones

CNN, ESPN, Slack Apps Among Those Vulnerable to Hackers

A crucial security feature is missing from many popular apps.

A typical app menu Credit: Flickr user "jasonahowie"

Recommendations are independently chosen by Reviewed's editors. Purchases made through the links below may earn us and our publishing partners a commission.

Maybe this sounds familiar: You go to log in to some app or service you haven't used in a while, but you've forgotten your password. You try a few from memory, but after three tries the service blocks you and informs you that you'll have to wait x minutes before trying again.

Frustrating, right? Certainly. But this simple security measure is a critical roadblock against hackers, who can use specialized software to repeatedly guess at your password—often trying hundreds or thousands of possibilities. It's called a "password brute force attack," and that annoying failsafe is essentially the only thing keeping a hacker from hijacking your account.

Dozens of hugely popular apps lack protection against brute-force attacks.

However, dozens of hugely popular iOS and Android apps currently lack protection against brute-force attacks. According to a report published this week by digital security firm AppBugs, these apps have been collectively downloaded up to 600 million times. It's a scary finding, particularly since the vulnerability is on the server side—it doesn't matter how complicated your password is, since the enemy can systematically check all possible combinations.

{{amazon name="Samsung Galaxy S6 SM-G920F Factory Unlocked Cellphone, International Version, 32GB, Gold", asin="B00U8KT62A", align="right"}} Included among the vulnerable apps are: CNN, ESPN, Slack, Expedia, SoundCloud, Walmart, iHeartRadio, AutoCAD, and Kobo. Fortunately, none of these services is likely to house your financial data, but the report is still indicative of a pervasive problem.

If you use any of these apps and (for whatever reason) are worried about the data stored within, it might be a good idea to hold off on using them until their security holes are filled. Even better, ask the developers to take action.

{{brightcove '4017455374001'}}

Up next