Apple turns on HTTPS for the App Store, closes numerous security vulnerabilities

Some great work by Google researcher Dr. Elie Bursztein has led to Apple increasing security on its iOS App Store. Last July, Elie reported a number of vulnerabilities in the App Store to Apple. As of January, they have been fixed. It appears that certain areas of the App Store were not using HTTPS, and as a result, it was possible for attackers to carry out a number of different exploits against users.

HTTPS is a protocol widely used to secure web traffic. By using HTTPS, companies add a layer of security to their users’ web traffic. When properly implemented, HTTPS helps ensure that when a user communicates with a server, the server is indeed who it says it is (and not a malicious third party) and that the contents of the conversation stay private and unmodified. Without HTTPS, not only is it possible for a third party to view your traffic, but it is also possible for a third party to modify the traffic that you are sending and receiving without your knowledge.

In the case of Elie’s exploits, it was shown that due to the lack of HTTPS in certain areas of the App Store, it was possible for a third party to perform a number of attacks: stealing App Store passwords, installing an app other than the one the user was requesting, installing fake upgrades, preventing users from installing certain apps, and even obtaining a list of all apps a user has installed on their device. This was accomplished with scripts that Elie wrote to intercept the HTTP request and alter the responses sent back to his device. While an iPhone might request an app like Angry Birds, the response could be modified to instead serve up Real Racing to the device.

This isn’t the first time we’ve seen a company forget to secure all of their sensitive URLs with SSL, and it certainly won’t be the last. Fortunately, there don’t seem to be any reports of these vulnerabilities being exploited in the wild prior to Apple’s fix (though that’s not to say no attacks occurred and simply went unnoticed). It’s also important to note that such attacks would have required a user to be on the same unencrypted network as an attacker; this isn’t something that would be done while connected to an encrypted Wi-Fi network at your home, or while using your data plan with your cell provider.

This is another reminder for users to remain vigilant in good security practices, and not to connect their devices to unknown or unsecured networks.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.


Reader comments

6 Comments

I'm currently in an IT Security class at the local tech college. It's very scary to think about how much information and the vulnerabilities with HTTP. I can only hope app developers and other platforms take securing our information more seriously.

I'm still upset they haven't done anything to FairPlay yet. Apple needs to protect its developers more. By encrypting the entire binary instead of just a few files, and perhaps using the purchaser's Apple ID as the hash key, we could put an end to pirated and hacked apps on the App Store.