Armed with a pretend wi-fi hot spot and the right software, the researchers were able to capture details including logins for email and other accounts and bank details and insert their own malware, which gave them control of the app and the data it gathered and shared. The researchers have not revealed the names of the apps in question.
As these apps are most vulnerable when used in conjunction with a non-secure connection, authors of the study followed up their findings with a survey of 745 subjects to see if they understood the risks of using a public -- i.e. unsecured or unprotected -- internet connection, such as a public wi-fi hotspot. The survey found that while most respondents believed that they were quite tech savvy, 47.5% of subjects who did not work in IT were unable to tell when a connection was secure or insecure.