Social Media Accounts Susceptible to Hijack through iOS URL Scheme


Security researchers have detailed a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Schemes. On Apple’s iOS operating system, every app runs by default inside its own sandbox, which prevents apps installed on the same device from accessing each other’s data. Nevertheless, Apple offers some methods that allow applications to send and receive very limited data between one another.

One such mechanism is the URL Scheme, also known as Deep Linking, which lets developers allow users to launch their apps through URLs such as facetime://, fb-messenger://, Whatsapp://, etc. For example, when a user clicks the “Sign in with Facebook” option within an e-commerce app, it directly launches the Facebook app installed on the device and automatically processes the authentication. In the background, the e-commerce app actually triggers the URL Scheme for the Facebook app (fb://) and at the same time passes some context information required to process the user’s login.

Researchers at Trend Micro noticed that, since Apple does not explicitly define which app can use which keywords for its Custom URL Scheme, multiple apps on an iOS device can use the same URL Scheme, which could eventually trigger and pass sensitive data to a completely different app, unexpectedly or maliciously. To demonstrate this, the researchers illustrated an attack scenario, as shown in the image below, using the example of the Chinese retailer app “Suning” and its implementation of the “Login with WeChat” feature, explaining how it is susceptible to hacking.

In a nutshell, when Suning app users choose to access their e-commerce account using WeChat, the app generates a login request and sends it to the WeChat app installed on the same device using the iOS URL Scheme for the messaging app. WeChat then requests a secret login token from its server and sends it back to the Suning app for authentication. The researchers found that, since Suning always uses the same login-request query to request the secret token and WeChat does not authenticate the source of the login request, the implementation is vulnerable to the app-in-the-middle attack through the iOS URL Scheme, ultimately permitting attackers to gain unauthorized access to users’ accounts.

This means that a malicious app with the same Custom URL Scheme as a targeted application can trick other apps into sharing users’ sensitive data with it, or can perform unauthorized actions, potentially resulting in loss of privacy, exposure to pop-up ads or bill fraud. Since the exploitability of this vulnerability depends entirely on how a URL Scheme has been implemented, app developers and popular platforms are recommended to review their apps and validate fixes for untrusted requests.
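As an added illustration (not code from the article, Trend Micro, Suning or WeChat), the sketch below models the login exchange with both weaknesses corrected: every request carries a fresh state and a PKCE challenge (RFC 7636, an assumption here since the article names no specific fix), so a code delivered to the wrong app cannot be redeemed. `Provider`, `Client` and `demo` are hypothetical names.

```python
import base64, hashlib, hmac, secrets

def challenge_for(verifier: str) -> str:
    """PKCE S256 transform (RFC 7636): unpadded BASE64URL(SHA256(verifier))."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class Provider:
    """Hypothetical stand-in for the login provider's server, not WeChat's API."""
    def __init__(self):
        self._pending = {}  # one-time code -> challenge it was issued against

    def authorize(self, challenge: str) -> str:
        # The code travels back over the URL scheme, so treat it as observable
        # by whichever app ends up handling that scheme.
        code = secrets.token_urlsafe(16)
        self._pending[code] = challenge
        return code

    def redeem(self, code: str, verifier: str) -> bool:
        challenge = self._pending.pop(code, None)  # single use, even on failure
        if challenge is None:
            return False
        return hmac.compare_digest(challenge_for(verifier), challenge)

class Client:
    """Hypothetical requesting app: fresh state and verifier for every login."""
    def start_login(self):
        self.state = secrets.token_urlsafe(16)
        self.verifier = secrets.token_urlsafe(32)
        return self.state, challenge_for(self.verifier)

    def accept_callback(self, state: str) -> bool:
        # Drop callbacks that do not echo the state of the login in progress.
        return hmac.compare_digest(state.encode(), self.state.encode())

def demo() -> dict:
    provider, app = Provider(), Client()
    old_state, challenge = app.start_login()
    code = provider.authorize(challenge)
    # Constructed case: the code reached a party that never saw the verifier.
    wrong = provider.redeem(code, secrets.token_urlsafe(32))
    state, challenge = app.start_login()
    code = provider.authorize(challenge)
    ok = app.accept_callback(state) and provider.redeem(code, app.verifier)
    return {"wrong_verifier": wrong, "legitimate": ok,
            "replayed_code": provider.redeem(code, app.verifier),
            "stale_state": app.accept_callback(old_state)}
```

Calling `demo()` shows that only the app holding the verifier for the current login can turn the code into a session; a mismatched verifier, a reused code and a stale state are all rejected.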

Source: The Hacker News
