Its time for apple’s turn to take a hit. Researcher Elie Bursztein demonstrated how apple store communicated with plan text. After a decade, Apple finally turns HTTPS on for the App Store, fixing a lot of vulnerabilities. It was almost unbelievable that Apple opened their doors for years.
As per ELIE.IM :
“By abusing the lack of encryption (HTTPS) in certain parts of the communication with the App Store, the dynamic nature of the App Store pages, and the lack of confirmation, an active network attacker can perform the following attacks:
– Password stealing: Trick the user into disclosing his or her password by using the application update notification mechanism to insert a fake prompt when the App Store is launched.
– App swapping: Force the user to install/buy the attacker’s app of choice instead of the one the user intended to install/buy. It is possible to swap a free app with a paid app.
– App fake upgrade: Trick the user into installing/buying the attacker’s app of choice by inserting fake app upgrades, or manipulating existing app upgrades.
– Preventing application installation: Prevent the user from installing/upgrading applications either by stripping the app out of the market or tricking the app into believing it is already installed.
– Privacy leak: The App Store application update mechanism discloses in the clear the list of the applications installed on the device.
http://www.youtube.com/embed/b7MQjLVkekg
Ref : link
