HTTP Request Hijacking Flaw Leaves Mobile Users at Risk
A new type of flaw is discovered that could be leading mobile users down the path to ruin.Security researchers from mobile security firm Skycure today revealed details on a new type of mobile threat that potentially puts millions of users at risk of being exploited. The new threat, called HTTP Request Hijacking (HRH), could be responsible for redirecting mobile users to malicious Websites. The HRH flaw is particularly dangerous because countless numbers of existing mobile applications are already vulnerable, Skycure Chief Technology Officer and co-founder Yair Amit explained to eWEEK. The flaw involves a persistent caching feature in code running on mobile operating systems, in particular Apple's iOS. The way the HRH flaw works is a user using a public WiFi network is targeted by a hacker using a man-in-the-middle (MiTM) attack. In an MiTM attack, an attacker intercepts the user's WiFi connection and then inserts a 301 redirect code, which is an HTTP response code that permanently redirects traffic to a different address. The HRH flaw isn't the MiTM attack itself, which is enabled by having an open, unencrypted WiFi access point. The flaw lies with the 301 redirect. Amit noted that the way Apple iOS works is that the 301 redirect is cached by the application on the mobile operating system. As such, even after the user has disconnected from the open access point and has connected at a secured home or office access point, the connection for a specific site could still be redirected.
Amit noted that the code that enables the persistence of the 301 redirect is common across countless mobile applications, which means that users are already potentially at risk.