November 7, 2013

Man in the Middle attacks hit iOS apps

Tens of thousands of iOS apps are vulnerable.

By Cbr Rolling Blog

At RSA Conference Europe in Amsterdam last week, rumours were circulating that thousands of delegates in attendance had been targeted in a ‘man in the middle’ attack.

Was it true? Well, there hasn’t really been any evidence of that, but it certainly highlighted the danger of this specific kind of threat.

In fact, it had been a hot topic for discussion at the event in any case. Researchers at Israeli startup Skycure stated there that, using a man-in-the-middle attack, hackers could exploit a vulnerability in many high-profile iOS apps, allowing them to repeatedly direct traffic from the app to a different server.

Tens of thousands of iOS apps are vulnerable to the attack, which Skycure dubbed "HTTP Request Hijacking." It involves manipulating HTTP status code 301 Moved Permanently, which is used to redirect Web traffic to a new URL.

Like browsers, lots of apps cache the address redirection and automatically reuse it to save time. While such redirections are clear in a browser, where the URL is displayed in the address bar, they tend to be far less apparent in apps. As a result, it can be fairly easy for an attacker to manipulate an app to permanently load data from a malicious server without the user knowing anything about it.
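
The caching behaviour described above, modelled as an added Python example (not Skycure's code and not iOS networking code). The hostnames, the `Client` class and the rule of not remembering a 301 received over plain HTTP are assumptions made for illustration.

```python
from urllib.parse import urlsplit

APP_URL = "http://news.example/feed"      # constructed: URL hard-coded in the app
ROGUE_URL = "http://evil.example/feed"    # constructed: server the 301 points to

def trusted_network(url):
    """Normal network: every server answers for itself."""
    pages = {APP_URL: "genuine content", ROGUE_URL: "attacker content"}
    return (200, pages[url]) if url in pages else (404, "")

def hostile_network(url):
    """Network with a man in the middle who answers APP_URL with a 301."""
    if url == APP_URL:
        return 301, ROGUE_URL
    return trusted_network(url)

class Client:
    """Hypothetical app HTTP layer with a persistent 301 cache."""
    def __init__(self, network, cache_plain_http_301=True):
        self.network = network
        self.cache_plain_http_301 = cache_plain_http_301
        self.redirects = {}               # original URL -> remembered target

    def fetch(self, url, max_hops=5):
        for _ in range(max_hops):
            url = self.redirects.get(url, url)   # cached redirect applied silently
            status, value = self.network(url)
            if status != 301:
                return url, value
            # A 301 over plain HTTP is unauthenticated; the hardened client
            # follows it once but does not remember it.
            if self.cache_plain_http_301 or urlsplit(url).scheme == "https":
                self.redirects[url] = value
            url = value
        raise RuntimeError("too many redirects")

def session(cache_plain_http_301):
    """Fetch once on the hostile network, then again after leaving it."""
    client = Client(hostile_network, cache_plain_http_301)
    on_hostile = client.fetch(APP_URL)
    client.network = trusted_network      # the user moves to a clean network
    after_leaving = client.fetch(APP_URL)
    return on_hostile, after_leaving

if __name__ == "__main__":
    print("caching client :", session(True))
    print("hardened client:", session(False))
```

The caching client keeps loading from the rogue server after it has left the hostile network, while the hardened one returns to the genuine server on its next request.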

Commenting on the issue, Chris Wysopal, CTO and co-founder of mobile security firm Veracode, said: "This is more about vulnerabilities than malware or risky behaviour.

"This puts this problem on the shoulders of our static analysis for iOS apps where we find cryptography errors as a vulnerability. It is these cryptography errors, such as not implementing SSL error handling or SSL certificate validation, that lead to MITM vulnerabilities.

"The last SoSS had this data for iOS. We found that 58% of iOS apps had cryptographic issues."
