Nice writeup by Dan Goodin of Ars Technica about the possible iPhone exploits using the “301 Moved Permanently” technique.
A large number of apps for iPhones and iPads are susceptible to hacks that cause them to surreptitiously send and receive data to and from malicious servers instead of the legitimate ones they were designed to connect to, security researchers said on Tuesday.

Link: arstechnica.com
Researchers from Israel-based Skycure stumbled on the problem when they observed their own app redirecting to a wrong address. The team soon discovered that they could make many other apps exhibit the same behavior. As a result, apps that display news, stock quotes, social media content, or even some online banking details can be manipulated to display fraudulent information and intercept data sent by the end user. After an app has been tampered with once, it will continue to connect to the hacker-controlled server for an extended period of time, with no outward indication it is doing so. The weakness, dubbed HTTP request hijacking (HRH), is estimated to affect at least 10,000 titles in Apple’s App Store.
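
The persistence described above comes from a client remembering a "301 Moved Permanently" response and reusing it for later requests. The sketch below is an added example, not code from the article or from Skycure: one possible client-side policy that refuses to remember a permanent redirect unless it arrived over HTTPS and points at an allowlisted HTTPS host. The names `redirect_decision` and `RedirectCache`, the policy itself and all hostnames are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

PERMANENT = {301, 308}        # cacheable "moved permanently" style redirects
TEMPORARY = {302, 303, 307}   # valid for the current request only


def redirect_decision(request_url, status, location, allowed_hosts):
    """Return (action, target); action is one of
    'not_redirect', 'reject', 'follow_once', 'follow_and_cache'."""
    if status not in PERMANENT | TEMPORARY:
        return ("not_redirect", None)
    target = urljoin(request_url, location)   # Location may be relative
    src, dst = urlsplit(request_url), urlsplit(target)
    # Never leave the set of hosts the app was built to talk to,
    # and never downgrade to plaintext.
    if dst.scheme != "https" or dst.hostname not in allowed_hosts:
        return ("reject", target)
    # Only a redirect received over TLS is trusted enough to be remembered;
    # one received over plain HTTP could have been injected on the network.
    if status in PERMANENT and src.scheme == "https":
        return ("follow_and_cache", target)
    return ("follow_once", target)


class RedirectCache:
    """Remembers permanent redirects only when the policy allows it."""

    def __init__(self, allowed_hosts):
        self.allowed_hosts = set(allowed_hosts)
        self.permanent = {}                   # original URL -> remembered target

    def resolve(self, url):
        """URL the client will actually contact for `url`."""
        return self.permanent.get(url, url)

    def observe(self, url, status, location):
        """Apply the policy to one response and update the cache."""
        action, target = redirect_decision(url, status, location, self.allowed_hosts)
        if action == "follow_and_cache":
            self.permanent[url] = target
        return action


# Constructed hosts: the app's own backends.
APP_HOSTS = {"api.example.com", "api2.example.com"}
```

With this policy a 301 injected into a plaintext response is never written to the cache, so the next launch of the app contacts the original URL again.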