Posted

Hi,

I've just been reading and watching videos about Derren Brown's show Apocalypse (http://en.wikipedia.org/wiki/Derren_Brown:_Apocalypse).

In the show a penetration tester sets something up on the 'victim's' iPhone which allows a continuous man-in-the-middle attack.

The most interesting part was that they could add content to his apps. Tweets in Twitter and news items into the BBC news app for example.

Does anyone have any idea how this could be achieved? I'd love to play around with this on my own iPhone and see what I can do.

For the continuous access I wondered if some sort of iOS certificate was added which forces the use of a proxy?

Thanks,

Danny

Posted

I reckon you saw a pentester using HTTP Request Hijacking.

http://www.skycure.com/blog/http-request-hijacking/

In short: the Twitter/BBC news app requests a feed, one spoofs the DNS request for the feed to a third party, at the third party you put a 301 redirect to a specific site (e.g. notyourtwitter.com), and the application gets the feed spoon-fed from the wrong place. Now, you would think this would all end once the iPhone moves to a different place, the DNS cache expires and the situation would resolve itself. But no, the application itself is caching the 301 redirect to the same specific notyourtwitter site, long after the fact. The link above describes the exploit in more detail. It's not an iOS fix that would resolve this; developers themselves need to fix this.
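
The persistence described in the reply above can be seen in a small model. This is an added example, not part of the original posts and not iOS code: the `FeedClient` class, the URLs and the feed contents are constructed for illustration, and the "networks" are plain dictionaries standing in for what each network returns.

```python
# Simplified model (not iOS code): how an app-level cache of 301 redirects
# keeps a client pointed at the wrong host after it leaves a hostile network.
# All URLs and feed contents are constructed sample values.
FEED_URL = "http://feed.example.com/latest"
ROGUE_URL = "http://notyourtwitter.example/latest"

# Each "network" maps URL -> (status, Location header or body).
HOSTILE_NET = {FEED_URL: (301, ROGUE_URL), ROGUE_URL: (200, "injected item")}
TRUSTED_NET = {FEED_URL: (200, "genuine item"), ROGUE_URL: (200, "injected item")}


class FeedClient:
    def __init__(self, cache_permanent_redirects):
        self.cache_permanent_redirects = cache_permanent_redirects
        self.redirect_cache = {}  # survives across fetches, like an on-disk cache

    def fetch(self, url, network, max_hops=5):
        """Return (final_url, body), consulting the redirect cache first."""
        for _ in range(max_hops):
            url = self.redirect_cache.get(url, url)
            status, value = network[url]
            if status != 301:
                return url, value
            if self.cache_permanent_redirects:
                self.redirect_cache[url] = value  # remembered indefinitely
            url = value
        raise RuntimeError("too many redirects")


def simulate(cache_permanent_redirects):
    """Fetch once on the hostile network, then again on a trusted one."""
    client = FeedClient(cache_permanent_redirects)
    on_hostile = client.fetch(FEED_URL, HOSTILE_NET)
    on_trusted = client.fetch(FEED_URL, TRUSTED_NET)
    return on_hostile, on_trusted


if __name__ == "__main__":
    for flag in (True, False):
        print("cache 301s:", flag, "->", simulate(flag))
```

With redirect caching turned off, the client still follows the 301 while it is on the hostile network; only the carry-over to the trusted network disappears.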
