News

iOS URL schemes allow conducting App-in-the-Middle attack

Trend Micro experts found that the URL scheme could allow an attacker to compromise iOS user accounts using the App-in-the-Middle attack.

According to the findings of researchers, a malicious application installed in the iOS system can steal sensitive data from other applications. To do this, the program must use the implementation of custom URL schemes. In iOS, a special sandbox is used that prevents installed applications from receiving data from each other.

However, along with this, Apple has provided methods for exchanging a limited set of data between programs.

URL schemes that used for this purpose, allow developers to launch applications using special links. For example: facetime: //, whatsapp: //, fb-messenger: //.

“The URL Schemes function as portals for apps to receive information from other apps. Since Apple allows different apps to declare the same URL Scheme, malicious apps can hijack sensitive data of certain apps. This vulnerability is particularly critical if the login process of app A is associated with app B”, — say Trend Micro specialists.

It works like this: when user is in a browser on a certain site, clicks the link “Contact us on Whatspp”. Due to the use of the URL scheme, launched messenger with all the necessary information.

Read also: Apple Watch’s Walkie Talkie Vulnerability allowed overhearing on other people’s conversations

Trend Micro researchers have concluded that using an URL scheme by an attacker could create certain risks for users.

“IOS allows multiple applications to link a single URL scheme. For example, the Sample: // scheme can use two completely different applications. Thus, a malicious application can use a completely legitimate and well-known scheme”, – says the Trend Micro report.

Such an attack is particularly dangerous if the user completes the process of logging into the account. By successfully exploiting this vulnerability, an attacker may intervene in the process of exchanging confidential data between legitimate applications.

That is why this attack was called “App-in-the-Middle”.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pectorsed pop-up ads (Virus Removal Guide)

Pectorsed.com is a site that tries to trick you into clik to its browser notifications…

7 hours ago

Remove News-wogag pop-up ads (Virus Removal Guide)

News-wogago.com is a site that tries to force you into subscribing to its browser notifications…

18 hours ago

Remove Grimpoaltoumpa pop-up ads (Virus Removal Guide)

Grimpoaltoumpa.com is a site that tries to force you into subscribing to its browser notifications…

18 hours ago

Remove News-cekufa pop-up ads (Virus Removal Guide)

News-cekufa.com is a site that tries to force you into clik to its browser notifications…

18 hours ago

Remove News-nevaw pop-up ads (Virus Removal Guide)

News-nevawo.com is a domain that tries to trick you into clik to its browser notifications…

18 hours ago

Remove News-vuyexu pop-up ads (Virus Removal Guide)

News-vuyexu.com is a domain that tries to force you into subscribing to its browser notifications…

18 hours ago