Elie Bursztein, a Google developer, reported several vulnerabilities in Apple’s App Store that could lead to extreme privacy breaches and attacks on users. The reports, made back in July 2012, led Apple to enable HTTPS for its App Store. By having HTTPS on, users are protected from the various types of attacks that Bursztein pointed out. It also helped that Bursztein made the attack codes public in order to light a fire under developers to enable HTTPS for their apps.
The attacks listed by Bursztein included: Password stealing, app swapping, app fake upgrades, prevention of app installations, and privacy leaks. In order for hackers to be able to use these attacks, all they had to do was be on the same unencrypted network as the iPhone/iPad they were targeting. Locations with unencrypted Wi-Fi includes locations like airports, coffee shops, and public libraries.
The second is the app swapping attack. The hacker is able to swap the app the user is trying to download or purchase with an app of their own. While it looks like the app being downloaded is the one the user chose, once the download is finished, they will be greeted by the swapped app. The hacker could abuse this attack to generate money for themselves, or by causing the user to pay a lot of money on a very expensive app.
The final attack would be the fake app upgrade, which works similarly with the app swapping attack. The hacker will insert a fake upgrade into the user’s App Store that causes the user to install the app instead. Bursztein’s report provides a wake-up call to Apple and developers alike in the importance of security. It also helps raise user awareness to any potential cyber attacks to their devices. Having your password stolen, paying a fortune on a swapped app, or having your privacy leaked to a stalker is a nightmare for anyone.
[via Elie Bursztein]