Study Finds 282 iOS Apps Expose AI API Keys Through Network Traffic

Researchers found that 282 of 444 iOS AI apps leaked credentials through network traffic, with only 28 percent of developers fixing the issue after three months.

CSBadmin

The Scope of the Leak

Researchers at Wake Forest University analyzed 444 AI chatbot applications on iOS and discovered that 282 of them, nearly two-thirds, leaked access to paid AI services through their network traffic. The team used a custom-built tool called LLMKeyLens that monitors app traffic to extract credentials without needing to jailbreak or decompile the applications. The exposed credentials fell into three categories: plaintext API keys sent in the clear, apps that routed requests through open backend servers with no authentication, and replayable tokens that were supposed to be temporary but were still valid when captured.

Productivity apps represented the largest group of vulnerable applications, while health and fitness apps showed the highest leak rate. Finance and medical apps notably did not leak any credentials. One affected app had more than two million user ratings. The leaks involved at least ten different AI providers, with OpenAI being the most common target.

Impact and Developer Response

The consequences of these leaks extend beyond stolen API keys. For 28 of the plaintext key apps, the same captured traffic also revealed the app’s hidden system prompts, exposing the proprietary instructions that define how the AI assistant operates. Stolen AI keys feed a practice called LLMjacking, where attackers use compromised credentials to run model requests on the developer’s account. Security firm Sysdig calculated that stolen credentials could generate more than $46,000 per day in unauthorized AI charges.

The researchers notified all 282 developers and waited three months for responses. Only 28 percent had clearly fixed the issue. Another 23 percent remained completely open with working leaked access. The rest had gone offline, become unreachable, or returned errors. Some token-based apps showed particularly poor security practices. One popular app with over 100,000 ratings set its access token to expire in the year 2125. Another app’s one-hour token was still functional 128 days after its stated expiration.

Source: The Hacker News
