Security experts at Trend Micro devised a new app-in-the-middle attack that could be exploited by a malicious app installed on
Apple also implements some methods to allow sending and receiving limited data between applications, including the URL Scheme (aka Deep Linking). The method could allow developers to launch an app through URLs (i.e.
For example, a user can click on “Contact us via Whatspp” within an app, launches the WhatsApp app installed on the device passing the necessary information to authenticate the user.
Experts explained how to abuse the URL Scheme for malicious purposes that could potentially expose users to attacks.
Trend Micro pointed out that iOS allows one single URL Scheme to be used by multiple apps allowing malicious apps to exploit the URL Scheme.
“Apple addressed the issue in later iOS versions (iOS 11), where the first-come-first-served principle applies, and only the prior installed app using the URL Scheme will be launched. However, the vulnerability can still be exploited in different ways.”
The vulnerability is very dangerous when the login process of app A is associated with app B, the image below shows the attack scenario:
When the Suning app users access their e-commerce account using
The experts discovered that since Suning always uses the same
“With the legitimate WeChat URL Scheme, a fake-
The discovery demonstrates that an attacker using a malicious app with the same Custom URL Scheme as a targeted app can trick them into sharing users’ sensitive data with it.
“In our research, plenty of apps that our system audited were found taking advantage of this feature to show ads to victims. Potentially malicious apps would intentionally claim the URL Scheme associated with popular apps:
Experts remarked that the URL Scheme cannot be used for the transfer of sensitive data.