HTTP Request Hijacking attack said to be simple to do against Apple IOS apps
Network World - Many Apple iOS applications are vulnerable to a man-in-the-middle attack that can result in permanent manipulation by the attacker, according to start-up Skycure, which released its research findings on this today during the RSA Europe conference.
Skycure CTO Yair Amit says many mobile iOS apps are vulnerable to a “very simple attack that relies on the 301 HTTP Response, a permanent re-direction.” If an Apple iOS app can cache these so-called 301 HTTP Re-Direct Response requests — and many popular iOS apps do, according to Skycure — then the app is vulnerable to being repeatedly hijacked via re-direction to the attacker’s server.
While this general type of man-in-the-middle attack has been known on the Web for many years, for mobile applications the result is worse in that it “persistently changes the URL” of the server and lets the attacker take dynamic control over the app, says Amit. In the information that Skycure is publishing today, the company notes the impact of the attack is basically that instead of loading data from the real site that the user wants to visit, the attacker can make the app permanently load the data from the attacker’s site.
Skycure isn’t releasing the names of the vulnerable iOS apps because this issue hasn’t necessarily been fixed. Amit says according to Skycure’s research, a significant portion of apps available through the official Apple App Store could be attacked this way. The problem is not a vulnerability in iOS itself but a coding weakness on the part of the developer.
Skycure says “HTTP Request Hijacking” of Apple iOS mobile devices such as iPhones and iPads starts with a man-in-the-middle attack, which would typically commence in a public WiFi zone, such as in a coffee shop. While a type of attack like this has been known to happen on the Web between computer-based Web browsers and Web servers for quite some time, the way a similar attack works on mobile devices hasn’t yet been subject to much scrutiny, says Amit.
He adds the implication of such an attack on news or financial information received through iOS devices is troubling.
“In a mobile application, it changes the application,” he says, adding “there’s no easy way to remove the problem.” But Skycure believes there are a number of steps that app developers can take to remediate or mitigate against it.
Among them are making sure the app doesn’t cache a 301 HTTP Re-Direct Response for re-direction. Another is to make sure the mobile device interacts with a designated server via an encrypted protocol, such as HTTPS, instead of HTTP. “If you want your application to behave differently with a server, just release an update,” he suggests. Making changes to apps to correct for this may be somewhat disruptive to the end-user, he adds.
The HTTP Request Hijacking attack on iOS that Skycure has identified may also exist in Android or other mobile-device platforms, but Skycure currently puts its focus primarily on Apple iOS. Skycure believes one danger in this type of man-in-the-middle attack on mobile devices is that it is much less visible to the victimized end-user than the more traditional computer-based form of the attack.
Source: Network World
Verizon could be working on increasing the speed of its phone network in New York, by performing a new LTE rollout. The carrier has apparently been spotted operating a new LTE network, which is shown to be providing network speeds of around 80Mbps downstream, and peaking at almost 23Mbps for uploads.
Milan Milanovic told GigaOM that his spectrum analyzer showed the network as operating on the 2.1GHz Advanced Wireless Services band, and was able to be connected to using an iPhone 5s. The new connections could end up offering a 150Mbps theoretical maximum, with the carrier apparently deploying the network on 40MHz of spectrum in some areas thanks to the acquisition of 4G licenses from cable companies last year. It is thought that the 80Mbps achieved on the test network is due to either an artificial data rate restriction or an insufficient fiber backhaul.
The same high-speed network is apparently also being tested in Los Angeles in Chicago, though these rumors were not able to be confirmed to the same level as the New York trials. A launch date for the mystery network is also unknown.
Apple launched its iPhone 5s just a few weeks ago, although shortly after its release, users of the new iPhone have been reporting a number of issues with the device. We recently heard the motion sensors on the iPhone 5s are slightly out of whack, as well as rumors of the device possibly bending just like the iPhone 5 did when it was first released. A new issue with the iPhone 5s has come up, this time bringing the infamous “Blue Screen of Death” with it.
Yes – you read right. A number of iPhone 5s owners have taken to the Apple support forums to report they have been experiencing the blue screen of death on their devices. The most common method of experiencing the blue screen of death seems to be when iPhone 5s owners use Apple’s suite of iWork applications. One user recorded the instance and published it on YouTube, which we can see the problem seems to come up when attempting to multitask between different iWork applications. Once the iPhone 5s reaches the blue screen of death, the device automatically reboots itself, which could certainly be an issue if your neck deep in an iWork document.
At this time, Apple has yet to make any remarks towards the iPhone 5s’ blue screen of death issue, but we’ll be sure to keep an eye out for any updates regarding it.
Patch fails to resolve lockscreen vulnerabilities
A newly-documented technique lets people bypass the lockscreen in iOS 7.0.2 and dial any phone number, not just emergency numbers. The method involves waiting for a notification, or forcing one by sending a text message or ejecting the SIM card. Once the notification pops up, a hacker has to swipe right on it while simultaneously swiping up on the Camera icon. While keeping a finger on the Camera icon, a person must then slide to unlock and tap the Emergency Call button. After dialing, hitting the Call button quickly two or three times should crash Springboard, but allow the call to go through once Springboard restarts.
The v7.0.2 update was itself meant to resolve earlier lockscreen vulnerabilities. The person credited with discovering the new bug, Dany Lisiansky, notes that he also recently found a v7.0.2 vulnerability allowing someone to skip the lockscreen via Siri or Voice Control and access photos, emails, and messages. Apple has had a recurring problem with new versions of iOS enabling lockscreen bypasses, which it then has to quickly close.