Android apps’ often contain errors implement SSL

Posted: October 22, 2012 in IT Security News, Vulnerability News
Tags: , , ,

SSL errorsStaff of the two German universities found that 17% Android-SSL apps’ can be exploited to the “man in the middle” attack .

Employees of Leibniz University in Hannover and Philipps University examined some 13 000 applications and more than 1000 of them, they found errors implement SSL protocol.

In the study, researchers found that 17% of all applications that use SSL, contain errors, allowing the attacker to the “man in the middle” attack. The study’s authors said they had successfully managed to get the credentials of services, such as American Express, Diners Club PayPal, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, IBM Sametime, and various email services, and bank accounts.

The researchers found that there are problems SSL and mobile anti-virus: “We have managed to build virus signatures in the antivirus application and get it to recognize any application as a virus, and a fully disable antivirus protection.”

Similar problems arise due to the fact that the developers set up correctly in the SSL configuration of the operating system API. Among the apps’, with insufficient protection of encrypted connections in 21% of cases the protocol is all trusted certificates, and in 20% of the presented certificate offered no matter from which domain it was delivered.

Links:

The results of the study can be found here.

Related post: Hypertext Transfer Protocol Secure (HTTPS)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s