At RSA Conference Europe in Amsterdam last week, rumours were circulating that thousands of delegates in attendance had been targeted in a ‘man in the middle’ attack.
Was it true? Well, there hasn’t really been any evidence of that, but it certainly highlighted the danger of this specific kind of threat.
In fact, man-in-the-middle attacks had been a hot topic for discussion at the event in any case. Researchers at Israeli startup Skycure stated that, using a man-in-the-middle attack, hackers could exploit a vulnerability in many high-profile iOS apps, allowing them to repeatedly direct traffic from the app to a different server.
Tens of thousands of iOS apps are vulnerable to the attack, which Skycure dubbed "HTTP Request Hijacking." It involves manipulating HTTP status code 301 Moved Permanently, which is used to redirect Web traffic to a new URL.
Many apps, like browsers, cache the redirect and automatically reuse it to save time. While such redirections are clear in a browser, where the URL is displayed in the address bar, they tend to be far less apparent in apps, which usually show no URL at all. As a result, it can be fairly easy for an attacker to manipulate an app to permanently load data from a malicious server without the user knowing anything about it.
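The caching behaviour described above, as an added example that is not from Skycure or the original article: a toy Python model of an app's redirect cache, showing why one forged 301 outlives the hostile network and how a stricter persistence policy prevents that. The class, the URLs and the hardened policy (remember a 301 only when it arrived over certificate-validated HTTPS and points to HTTPS) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

class RedirectCache:
    """Toy model of an app's persistent 301 cache (constructed, not a real iOS API)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.permanent = {}  # original URL -> remembered redirect target

    def _may_persist(self, url, location, tls_validated):
        if not self.hardened:
            return True  # naive client: every 301 is remembered indefinitely
        # Assumed policy: trust a permanent redirect only if the response came
        # over HTTPS with a validated certificate and the target is HTTPS too.
        return (tls_validated
                and urlsplit(url).scheme == "https"
                and urlsplit(location).scheme == "https")

    def handle_response(self, url, status, location, tls_validated):
        """Record a 301 if policy allows; return True when it was persisted."""
        if status == 301 and location and self._may_persist(url, location, tls_validated):
            self.permanent[url] = location
            return True
        return False

    def resolve(self, url):
        """URL the app will actually contact on later launches."""
        return self.permanent.get(url, url)

def simulate(hardened):
    """One forged 301 on a hostile network, then a request from a safe network."""
    cache = RedirectCache(hardened)
    feed = "http://news.example/feed"  # constructed URL
    # Forged reply injected by an on-path party over plaintext HTTP (constructed).
    cache.handle_response(feed, 301, "http://rogue.example/feed", tls_validated=False)
    return cache.resolve(feed)  # where the app goes after leaving that network

def legitimate_move():
    """A genuine 301 over validated HTTPS is still honoured by the hardened cache."""
    cache = RedirectCache(hardened=True)
    old = "https://news.example/feed"
    cache.handle_response(old, 301, "https://news.example/v2/feed", tls_validated=True)
    return cache.resolve(old)

if __name__ == "__main__":
    print("naive   :", simulate(hardened=False))
    print("hardened:", simulate(hardened=True))
    print("genuine :", legitimate_move())
```

The naive cache keeps sending the feed request to the forged target even after the device is back on a trusted network, while the hardened cache returns to the original URL and still honours an authenticated move.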
Commenting on the issue, Chris Wysopal, CTO and co-founder of mobile security firm Veracode, said: "This is more about vulnerabilities than malware or risky behaviour.
"This puts this problem on the shoulders of our static analysis for iOS apps where we find cryptography errors as a vulnerability. It is these cryptography errors, such as not implementing SSL error handling or SSL certificate validation, that lead to MITM vulnerabilities.
"The last SoSS had this data for iOS. We found that 58% of iOS apps had cryptographic issues."