Jump to content

HTTP Request Hijacking Flaw Leaves Mobile Users at Risk

Recommended Posts

Article:

By Sean Michael Kerner Posted 2013-10-29

 

Security researchers from mobile security firm Skycure today revealed details on a new type of mobile threat that potentially puts millions of users at risk of being exploited. The new threat, called HTTP Request Hijacking (HRH), could be responsible for redirecting mobile users to malicious Websites.

The HRH flaw is particularly dangerous because countless numbers of existing mobile applications are already vulnerable, Skycure Chief Technology Officer and co-founder Yair Amit explained to eWEEK. The flaw involves a persistent caching feature in code running on mobile operating systems, in particular Apple's iOS.

The way the HRH flaw works is a user using a public WiFi network is targeted by a hacker using a man-in-the-middle (MiTM) attack. In an MiTM attack, an attacker intercepts the user's WiFi connection and then inserts a 301 redirect code, which is an HTTP response code that permanently redirects traffic to a different address.

The HRH flaw isn't the MiTM attack itself, which is enabled by having an open, unencrypted WiFi access point. The flaw lies with the 301 redirect. Amit noted that the way Apple iOS works is that the 301 redirect is cached by the application on the mobile operating system. As such, even after the user has disconnected from the open access point and has connected at a secured home or office access point, the connection for a specific site could still be redirected.

Amit noted that the code that enables the persistence of the 301 redirect is common across countless mobile applications, which means that users are already potentially at risk.

 

The Fix

One of the ways users can protect themselves from being the victim of an HRH attack is by using Secure Sockets Layer (SSL) encrypted Websites. An SSL Website, when properly configured, is not easily redirected. An SSL certificate that is issued by a Certificate Authority (CA) can be checked via the browser or operating system when visiting a site to ensure authenticity.

At a coding level, there is code that application developers can insert into their application to protect apps and their users. Amit said developers just need to create a code object that prevents the application from caching 301 redirects.

"By not caching the 301 redirects, users are no longer at risk," he said.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
You are posting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...