Tuesday, 29 October 2013

Hijacking HTTP request [ WiFi+Mobile Apps vulnerability ]

Mobile security researchers have discovered a new way to access mobile phone apps from Wi-Fi networks.

The vulnerability allows the attackers to permanently alter the server URL from which a mobile app loads its data, so that instead of loading data from realserver.com, for instance, the attack makes the app load data from attacker.com, without the victim knowing. Attackers could use that data to load malicious links. The following video shows the simply steps involved in this attack.

They use a 301 directive to redirect the traffic flow from an app to an app maker’s server to the attackers’ server.

“The vulnerability affects so many apps that it’s virtually impossible to alert app makers,” said Yair Amit, Skycure’s chief technology officer.

Another side note is that the same researchers uncovered a separate vulnerability last year in which LinkedIn was pulling members’ calendar entries on iPhones and iPads — including details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes — back to its servers. Following disclosure, LinkedIn tweaked its code to stop taking notes from private calendar appointments.