Scores Of iOS Apps ‘Vulnerable To HTTP Hijacking’
Simple flaw could allow hackers to direct iOS users to nasty websites, says Skycure
iPhone users could be in danger thanks to a simple flaw affecting a plethora of iOS applications, which attackers could leverage to send victims to whatever server they choose.
The problem lies in the 301 Moved Permanently HTTP standard response, which lets developers easily change the URLs apps use to update and is often used when domains need changing or websites are being merged.
Security firm Skycure discovered a man in the middle, an attacker sitting between the user and an application’s server, could use the 301 API vulnerability to return requests and replace URLs with malicious web addresses.
iOS threat
In many cases, during a Skycure test, iOS applications cached the malicious URL. That meant that even when the victim left the open network and the man in the middle was nowhere to be seen, the app would still connect to the malicious server.
If a hacker could execute further code from the URL, they could gain further control of a victim’s iPhone.
Skycure said attacks exploiting this weakness would be “seamless”, as most mobile apps do not visually indicate the server they connect to, something that browsers do.
Worryingly for consumers, there appear to be only two ways to fix this: carry out a repeat attack to change the URL back to the legitimate server, or delete the app and re-download it – but that could mean losing any data in that app.
The attack method was labelled HTTP Request Hijacking and Skycure estimated 90 percent of iOS users run at least one vulnerable app on their device. It would not name vulnerable apps, due to concerns over exploitation in the wild.
“Attackers will start to infect people attack by attack,” said Adi Sharabani, Skycure’s CEO, during RSA Conference 2013, taking place in Amsterdam this week.
“They can later decide how to change flow and logic of attacks.
“Timing is very important to attackers. That’s why we’re very concerned about this.”
Research on Android apps has not been finalised yet, so it is not clear whether applications on Google’s platform are affected by the vulnerability.
What do you know about Internet security? Find out with our quiz!