
HTTP Request Hijacking (HRH) Flaw

December 23, 2014 | By Editor 

Summary

A new exploit has been discovered that could put smartphone users in serious trouble. Security researchers have revealed details of a new type of smartphone threat that could put millions of users at risk of being hacked.

The new exploit, called HTTP Request Hijacking (HRH), is suspected of redirecting mobile users to malicious sites.

HTTP Request Hijacking (HRH) Flaw

  • The HRH exploit is dangerous because a large number of existing mobile apps are already vulnerable.
  • The bug stems from a persistent caching feature in code running on smartphone operating systems, especially iOS.
  • The HRH vulnerability preys on a user on a public wireless network that an attacker has targeted with a man-in-the-middle (MiTM) attack.
  • In a typical MiTM attack, a hacker intercepts the user’s wireless connection and inserts a 301 redirect code. This HTTP response code permanently redirects Web traffic to a different, mostly malicious, Web address.
  • The flaw lies in how the 301 redirect code is handled. In iOS, the response code is cached by an app on the mobile OS.
  • Even after the user disconnects from the open access point and connects through a safe home or office access point, the traffic for a particular website could still be redirected.
  • The code enabling the persistence of the 301 redirect is very common across a number of mobile apps, meaning that users are potentially at risk.

The Patch

  • One way users can guard themselves against falling victim to an HRH attack is by surfing Secure Sockets Layer (SSL) encrypted sites.
  • An SSL site cannot be easily redirected when properly configured.
  • An SSL certificate, issued by a Certificate Authority (CA), can be checked through the Web browser or OS when visiting a website to ensure authenticity.
  • At the code level, there is code that app developers can insert into their applications to safeguard apps and their users.
  • The developers just need to write a code object that prevents the app from caching 301 redirects. Users are not at risk if 301 redirects are not cached.
  • For full disclosure, Apple was contacted about the vulnerability by experts from Skycure, a mobile security firm.
  • Since the problem lies in the app code and is not an exploit inside the actual mobile OS, it is something that Apple developers should be aware of.
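
The persistence problem and the "do not cache 301 redirects" fix from the list above can be seen in a small model. This is an added example, not code from Skycure, Apple or any real app: the `AppClient` class, the two network functions and the `.example` URLs are constructed for illustration, and HTTPS is assumed to be protected by certificate validation.

```python
# Constructed model of an app's HTTP layer with a persistent redirect cache.
# It is not a real networking stack; names and URLs are hypothetical.
from dataclasses import dataclass, field

ORIGIN = "http://news.example/feed"        # URL the app is coded to request
REDIRECT = "http://elsewhere.example/feed"  # target named in the injected 301

@dataclass
class Response:
    status: int
    location: str = ""
    body: str = ""

def trusted_network(url):
    """Home or office network: the genuine server answers directly."""
    return Response(200, body=f"content served for {url}")

def hostile_network(url):
    """Public hotspot with an on-path party: plain-HTTP requests to the
    origin get a 301. HTTPS URLs are left alone (assumption: the client
    validates certificates, so the response cannot be forged)."""
    if url.startswith("http://news.example"):
        return Response(301, location=REDIRECT)
    return Response(200, body=f"content served for {url}")

@dataclass
class AppClient:
    cache_permanent_redirects: bool
    redirect_cache: dict = field(default_factory=dict)  # survives network changes

    def fetch(self, url, network, max_hops=5):
        for _ in range(max_hops):
            if url in self.redirect_cache:
                # A cached 301 is replayed without asking the network again.
                url = self.redirect_cache[url]
                continue
            resp = network(url)
            if resp.status == 301:
                if self.cache_permanent_redirects:
                    self.redirect_cache[url] = resp.location
                url = resp.location
                continue
            return url, resp.body
        raise RuntimeError("too many redirects")

def simulate(cache_permanent_redirects):
    """One request on the hotspot, then one on a trusted network.
    Returns the URL the second request actually ends up at."""
    app = AppClient(cache_permanent_redirects)
    app.fetch(ORIGIN, hostile_network)
    final_url, _ = app.fetch(ORIGIN, trusted_network)
    return final_url
```

With caching enabled the second request never reaches the origin, even though the trusted network returns no redirect; with caching of 301 responses disabled, the effect ends as soon as the user leaves the hostile network.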
