Israeli startup Skycure discovers vulnerability that allows attackers to send their own data to Apple devices

An Israeli startup has discovered a vulnerability in many iOS apps that attackers could secretly exploit over a public Wi-Fi network to send their own data to an Apple iPhone or iPad.

Skycure discovered the “coding pitfall,” which it calls HTTP Request Hijacking, while investigating a bug in its mobile security product. Further investigation uncovered the widespread flaw that could be used to send malicious links or fake news to a news app.

The exploitation would start with a man-in-the-middle attack over a public Wi-Fi network. An attacker would first have to gain access to the HTTP traffic between the app and the server that receives its requests and sends back data. When the app asks for information, the attacker would have to capture the request and return what is called a 301 redirection, which would essentially tell the app to get data not from the real server’s URL but from the URL of the attacker’s server. Because many developers store the server location permanently in the app’s cache, the attacker can send the data he chooses until the app is either updated or removed and reinstalled.

While Skycure would normally notify the app developer of flaws before going public, so many iOS apps were vulnerable to this type of attack that the company believed it was impossible to find and notify all of them. “There’s simply too many apps that are vulnerable to this,” Adi Sharabani, chief executive and co-founder of Skycure, said Tuesday. “We don’t even know all the apps that are vulnerable.”

Skycure is hoping its disclosure will lead to more developers hearing about the problem and fixing it. The company has posted on its blog a couple of lines of code that can be inserted in a mobile app to close the hole.
For non-technical people with iOS devices, there’s little they can do to fix the problem, except install updates for their apps as soon as they are available, Sharabani said.

Mobile apps that use HTTPS for communications are mostly safe, because attacks over the secure protocol are a lot more difficult. HTTP is known for being an insecure protocol susceptible to man-in-the-middle attacks, Tielei Wang, a mobile security researcher at Georgia Institute of Technology, said. This particular attack is “very limited” because it only affects HTTP connections. In general, mobile apps send sensitive content over HTTPS, “unless the app is poorly designed,” Wang said.

Skycure had not determined whether Android apps were vulnerable to the same coding flaw. However, Marc Rogers, principal security researcher at Lookout, said it was certainly possible. “I would anticipate that yes, the same problem is likely to exist,” Rogers said.
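The following is an added example, not code from the article or from Skycure, that models in Python the two behaviours the article describes: an app that remembers a 301 target permanently and so keeps fetching from the wrong host long after the tampered response, beside a client that only follows redirects staying on the original scheme and host and never stores the redirect target. The hosts, URLs and responses are constructed in memory; nothing touches a network.

```python
"""
Model of the HTTP Request Hijacking coding pitfall versus a hardened client.

Everything below (hosts, URLs, responses) is constructed for illustration
and runs entirely in memory.
"""
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


# Constructed URLs for the illustration (not real services).
LEGIT_URL = "http://news.example/api/headlines"
ROGUE_URL = "http://rogue.example/api/headlines"


class FakeNetwork:
    """In-memory stand-in for the path between app and server.

    While `on_path` is True, the request to the legitimate URL is answered
    with a 301 pointing at the rogue host, modelling the single tampered
    response the article describes. After that the real server answers.
    """

    def __init__(self) -> None:
        self.on_path = False

    def send(self, url: str) -> Response:
        if url == LEGIT_URL and self.on_path:
            self.on_path = False  # tampering happens only during this one session
            return Response(301, {"Location": ROGUE_URL})
        if url == LEGIT_URL:
            return Response(200, {}, "real headline")
        if url == ROGUE_URL:
            return Response(200, {}, "fake headline")
        return Response(404)


class NaiveClient:
    """The pitfall: a 301 target is remembered permanently, so every later
    request for the original URL silently goes to the new host."""

    def __init__(self, net: FakeNetwork) -> None:
        self.net = net
        self.permanent_redirects: Dict[str, str] = {}

    def fetch(self, url: str) -> str:
        url = self.permanent_redirects.get(url, url)
        resp = self.net.send(url)
        if resp.status == 301 and "Location" in resp.headers:
            self.permanent_redirects[url] = resp.headers["Location"]
            return self.fetch(resp.headers["Location"])
        return resp.body


class RedirectRejected(Exception):
    pass


class HardenedClient:
    """Follows a redirect only when it keeps the original scheme and host,
    and never stores the redirect target, so one tampered response cannot
    change where the app fetches from next time."""

    MAX_HOPS = 3

    def __init__(self, net: FakeNetwork) -> None:
        self.net = net

    @staticmethod
    def redirect_allowed(original: str, target: str) -> bool:
        o, t = urlsplit(original), urlsplit(target)
        # Same scheme blocks an HTTPS -> HTTP downgrade; same host blocks
        # being sent to a different server.
        return o.scheme == t.scheme and o.netloc == t.netloc

    def fetch(self, url: str) -> str:
        current = url
        for _ in range(self.MAX_HOPS):
            resp = self.net.send(current)
            if resp.status not in (301, 302, 307, 308):
                return resp.body
            target = resp.headers.get("Location", "")
            if not self.redirect_allowed(url, target):
                raise RedirectRejected(f"{url} -> {target}")
            current = target
        raise RedirectRejected("too many redirects")


def run_scenario(client_cls) -> List[str]:
    """Three fetches: the first while the response is being tampered with on
    the shared network, two more after the tampering has stopped."""
    net = FakeNetwork()
    client = client_cls(net)
    net.on_path = True
    results: List[str] = []
    for _ in range(3):
        try:
            results.append(client.fetch(LEGIT_URL))
        except RedirectRejected:
            results.append("rejected")
    return results


if __name__ == "__main__":
    print("naive   :", run_scenario(NaiveClient))
    print("hardened:", run_scenario(HardenedClient))
```

The naive client returns the rogue body on all three fetches even though the tampering stopped after the first one, which is the persistence the article describes. The hardened client refuses the cross-host redirect once and is back on the real server immediately afterwards. The origin check limits the persistent hijack; it does not stop someone on the path from forging a plain-HTTP body directly, which is why the article's sources point to HTTPS as the real protection.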