New Vulnerability Found in Apps Using Wi-Fi

Mobile security researchers have discovered a new way for attackers to access mobile phone apps from Wi-Fi networks.

On Oct 29, mobile security researchers will demonstrate a simple attack that exploits a vulnerability in the code within iOS apps. The vulnerability allows attackers to persistently alter the server URL from which a mobile app loads its data, so that instead of loading data from realserver.com, for instance, the attack makes the app load data from attacker.com, without the victim knowing. Attackers could use that data to load malicious links, or insert fake, market-moving news into a news app. The researchers from Skycure, a mobile security company, said that in the past they had alerted vulnerable app makers to a vulnerability before making it public. In this case, however, they said such responsible disclosure was all but impossible because the vulnerability was present in hundreds of apps they tested, including stock management apps to news apps.


New Vulnerability Found in Apps Using Wi-Fi