Researchers
at mobile security vendor Skycure have discovered many iPhone apps are
vulnerable to HTTP request hijacking attacks that could permit a hacker to use
the app to load malicious content.
The company Skycure
stated, “"While the problem is generic and can occur in any application that
interacts with a server, the implications of HRH [HTTP request hijacking] for
news and stock-exchange apps are particularly interesting," blogged
CTO Yair Amit. "It is
commonplace for people to read the news through their smartphones and tablets,
and trust what they read. If a victim’s app is successfully attacked, she is no
longer reading the news from a genuine news provider, but instead phoney news
supplied by the attacker’s server."
After they tested a
variety of high-profile apps, the firm realized that there are many apps that
are vulnerable to attack. The problem
centers on the impact of HTTP redirections.
The attack starts with a classic man-in-the-middle attack in which the
vulnerable app sends a legitimate request to a server. The request is then captures by the attacker,
who return a 301 HTTP redirection to a server controlled by the attacker. If the attack is successful, the 301 HTTP
redirection issued by the attacker is kept in the app’s cache and changes it
behavior’s that instead of retrieving data from its designated server, the app
loads data from the attacker’s server after the man-in-the-middle attack is
over.
A 301 HTTP
redirection could allow a malicious attacker to persistently alter and remotely
control the way the application functions, without any reasonable way for the
victim to know anything about it.