In addition to capturing regular passwords, man-in-the-middle attacks can be used to intercept one-time passcodes offered by traditional two-factor authentication systems.

FORBES: Google Reveals Details About Its Plan To Fix Password Security

These apps failed to implement standard scrambling systems, allowing "man-in-the-middle" attacks to reveal data that passes back and forth when devices communicate with websites.

BBC: Android apps 'leak' personal details

But apps written to the protocol can be vulnerable to denial-of-service, session hijacking, and man-in-the middle attacks over the Internet, as well as an attacker actually able to "watch" the transactions, says David Goldsmith, CEO of Matasano Security, who will present the firm's new research on FIX at the upcoming Black Hat USA briefings later this month.

FORBES: Magazine Article