When a user connects to a random Wi-Fi network without first ensuring adequate security measures on his device, it puts him at many risks. Skycure has now demonstrated that an attacker can easily hijack an iOS app web request when initiated on the same Wi-Fi network that he is connected to.
Since the app request emanates from the Wi-Fi network to which the device is connected, an attacker connected to the same network can easily gain access to the victim’s device. When the user initiates an app request, it may cause the app to cache the status message.
This is where the attacker is able to intercept the app’s attempts. He can then redirect the app request to another server, probably a hostile server, which would automatically load malicious software into the user’s device. This method can be used to install malware in any device or machine connected on a Wi-Fi network.
Skycure has posted a video demo of the entire procedure. The good news are that there already are a few solutions which can be used to resolve such a security risk. For instance, if you suspect any app to be involved in such malware downloading, you can uninstall it and then re-install it to cleanse the device of any malicious software.
Another apt solution is to simply stop the apps from caching the status messages. This way, the attacker is not able to intercept the app request and the iOS device remains safe when connected to a Wi-Fi network.