Mobile Attack Abuses HTTP 301 Redirects
Page 1 of 1
The new threat, called HTTP Request Hijacking (HRH), could be responsible for redirecting mobile users to malicious Websites.
The HRH flaw is particularly dangerous because countless numbers of existing mobile applications are already vulnerable, Skycure Chief Technology Officer and co-founder Yair Amit explained to eWEEK. The flaw involves a persistent caching feature in code running on mobile operating systems, in particular Apple's iOS.
The way the HRH flaw works is a user using a public WiFi network is targeted by a hacker using a man-in-the-middle (MiTM) attack. In an MiTM attack, an attacker intercepts the user's WiFi connection and then inserts a 301 redirect code, which is an HTTP response code that permanently redirects traffic to a different address.