Thousands of Android apps and millions of users are susceptible to MITM attacks

23 October 2012

Researchers from the universities of Hannover and Marburg in Germany have analyzed SSL/TLS implementation in thousands of Android apps and found many to be insecure, making them susceptible to man-in-the-middle attacks.

While there have been numerous studies seeking to find and understand Android malware, this study examined benign Android apps that could be exploited by third parties. The subject of the study is SSL and its successor TLS, the protocols used to secure internet communications. Since communications and the internet lie at the heart of Android use, many apps quite legitimately seek internet permissions; but users have no way of knowing whether the communications are secure. “This paper,” say the researchers, “seeks to better understand the potential security threats posed by benign Android apps that use the SSL/TLS protocols to protect data they transmit.”

The researchers examined 13,500 popular free apps from Google Play. To help their analysis they developed their own tool, called MalloDroid, to perform a static analysis of the apps’ code, and found that “1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks.” To confirm these findings, they selected 100 apps for manual investigation, and were able to “successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data.”

The purpose of SSL/TLS is to secure communication between the user and the destination website. If this isn’t done, or is implemented insecurely, attackers can sit between the user and the website (hence ‘man-in-the-middle’) and read the data that passes. During the manual tests, the researchers “were able to capture credentials for American Express, Diners Club, Paypal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.”
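To make concrete what a static check like the one described above looks for, and which TLS guarantee each insecure pattern throws away, here is a small scanner added to this article. It is example code, not the researchers' MalloDroid tool, and it runs over constructed snippets of decompiled Android (Java) source rather than real apps. The patterns it flags are the well-known ways Android code disables validation: an `X509TrustManager` whose `checkServerTrusted` body is empty (the server's certificate chain is never checked, so any certificate, including an attacker's, is accepted), a `HostnameVerifier` that always returns `true` or the Apache `ALLOW_ALL_HOSTNAME_VERIFIER` (a valid certificate for some other site is accepted for this one), and a `WebView` that calls `handler.proceed()` from `onReceivedSslError` (the browser component ignores the error it was just told about). The rule names and sample sources are this example's own.

```python
"""Toy MalloDroid-style static check for insecure SSL/TLS usage in decompiled
Android (Java) source.  Example code added to this article; it is not the
researchers' MalloDroid tool.  The patterns are the well-known ways apps disable
certificate or hostname validation; the sample sources below are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # which insecure pattern matched
    line: int    # 1-based line in the scanned source
    detail: str  # which TLS guarantee the pattern removes


# (rule name, regex over Java source, guarantee lost).  Hypothetical rule names.
RULES = [
    ("empty-trust-manager",
     re.compile(r"checkServerTrusted\s*\([^)]*\)\s*(?:throws[^{]*)?\{\s*\}"),
     "server certificate chain is never validated, so any certificate is accepted"),
    ("verify-returns-true",
     re.compile(r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
     "custom HostnameVerifier accepts every host name"),
    ("allow-all-hostname-verifier",
     re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER"),
     "certificate is not bound to the host name being contacted"),
    ("webview-ssl-error-proceed",
     re.compile(r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\(\)"),
     "WebView continues past a reported SSL error"),
]


def scan_source(src: str) -> list[Finding]:
    """Return every insecure pattern found in one Java source file, by line."""
    findings = []
    for name, pattern, detail in RULES:
        for m in pattern.finditer(src):
            line = src.count("\n", 0, m.start()) + 1
            findings.append(Finding(name, line, detail))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: an app that switches off both chain and hostname checks.
VULNERABLE_SRC = """\
import javax.net.ssl.*;
import org.apache.http.conn.ssl.SSLSocketFactory;

public class LoginClient {
    // Constructed example: a trust manager that accepts any server certificate.
    static final TrustManager[] TRUST_ALL = new TrustManager[] {
        new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { }
            public X509Certificate[] getAcceptedIssuers() { return null; }
        }
    };

    static HostnameVerifier ANY_HOST = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) { return true; }
    };

    void configure(SSLSocketFactory f) {
        f.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }
}
"""

# Constructed sample: the platform's default validation is left in place.
SAFE_SRC = """\
import javax.net.ssl.HttpsURLConnection;

public class LoginClient {
    // Constructed example: no custom trust manager or hostname verifier.
    HttpsURLConnection open(java.net.URL url) throws java.io.IOException {
        return (HttpsURLConnection) url.openConnection();
    }
}
"""


def report(name: str, src: str) -> None:
    findings = scan_source(src)
    verdict = "potentially vulnerable" if findings else "no insecure pattern found"
    print(f"{name}: {verdict}")
    for f in findings:
        print(f"  line {f.line}: {f.rule}: {f.detail}")


if __name__ == "__main__":
    report("vulnerable app", VULNERABLE_SRC)
    report("safe app", SAFE_SRC)
```

A hit from a scanner like this is only "potentially vulnerable", which is the same qualification the researchers attach to their 8.0% figure: the flagged code may be dead, debug-only, or guarded by a build flag, so confirming exposure still takes a manual or dynamic test against the running app. The fix on the developer's side is the absence of all of these patterns, leaving the platform's default chain validation and hostname check in place, with certificate pinning as an optional extra on top rather than a replacement.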

A separate survey of 754 Android users indicated a wide lack of understanding about SSL security. 378 users did not accurately judge the security state of a browser session, while 419 had not seen a certificate warning, and even then considered the risk to be medium or low.

The combination of a poor understanding about SSL, Android’s open approach to app development, and insecure SSL implementations means that many millions of users are exposed to MITM attacks. “The cumulative number of installs of apps with confirmed vulnerabilities against MITM attacks is between 39.5 and 185 million users, according to Google’s Play Market,” say the researchers. They outline several avenues for future research to solve or at least alleviate the problem, but will in the meantime, they say, “provide a MalloDroid Web App and will make it available to Android users.” With this app, users will at least know whether the apps they use are susceptible to MITM.
