Posts Tagged ‘man in the middle’

SSL errorsStaff of the two German universities found that 17% Android-SSL apps’ can be exploited to the “man in the middle” attack .

Employees of Leibniz University in Hannover and Philipps University examined some 13 000 applications and more than 1000 of them, they found errors implement SSL protocol.

In the study, researchers found that 17% of all applications that use SSL, contain errors, allowing the attacker to the “man in the middle” attack. The study’s authors said they had successfully managed to get the credentials of services, such as American Express, Diners Club PayPal, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, IBM Sametime, and various email services, and bank accounts.

The researchers found that there are problems SSL and mobile anti-virus: “We have managed to build virus signatures in the antivirus application and get it to recognize any application as a virus, and a fully disable antivirus protection.” (more…)