Thursday, August 21, 2014

Many free Android apps do not check SSL certificates – Security.nl

Many free Android apps do not check the SSL certificates used when setting up an encrypted connection, leaving users vulnerable to Man-in-the-Middle attacks. So says IT security firm FireEye, based on the 1,000 most downloaded free Android apps on Google Play.

The investigation showed that 674 of the 1,000 apps contained at least one of three SSL vulnerabilities, in particular the failure to check the SSL certificates presented. Of the 614 apps that use an SSL/TLS certificate to communicate with a remote server, 448 (73%) do not check the certificate used. Furthermore, 50 apps (8%) do not check the host name, and 285 apps ignored SSL errors raised by the Webkit engine. After being informed, all developers are said to have fixed the problems found.

The same study was also extended to 10,000 apps in Google Play, a random collection of free apps. About 4,000 apps (40%) did not check the server certificates, which allows an attacker to intercept the data using a Man-in-the-Middle attack. Furthermore, 750 apps (7%) did not check the hostname. As a result, these apps do not notice if an attacker redirects a request from the app to his own server. It also appeared that 1,300 apps (13%) did not check SSL errors when using Webkit.
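
For developers who want to check their own source for the three flaw classes counted above, here is a heuristic scanner, added as an example and not taken from the article or from FireEye's study. It assumes the flaws take their usual Android code forms (an empty `X509TrustManager.checkServerTrusted`, a `HostnameVerifier.verify` that always returns true, and a `WebViewClient.onReceivedSslError` that calls `proceed()`), which the article does not name; the function names, finding labels and Java samples are constructed for illustration.

```python
import re

# Constructed Java source showing the three flaw classes named in the study.
SAMPLE = '''
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) {}
}
class AnyHost implements HostnameVerifier {
    public boolean verify(String host, SSLSession s) { return true; }
}
class Client extends WebViewClient {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {
        h.proceed();  // continue loading despite the certificate error
    }
}
'''

# Constructed counterpart: the WebView handler rejects the connection.
FIXED = '''
class Client extends WebViewClient {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) { h.cancel(); }
}
'''

def method_bodies(src, name):
    """Yield the brace-balanced, comment-free body of each method `name`."""
    decl = r'\b%s\s*\([^)]*\)\s*(?:throws\s+[\w\s.,]+?)?\s*\{' % re.escape(name)
    for m in re.finditer(decl, src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield re.sub(r'//[^\n]*|/\*.*?\*/', '', src[m.end():i - 1], flags=re.S).strip()

def scan(src):
    """Return the flaw classes found in one Java source string (heuristic)."""
    found = set()
    # 1. Server certificate never validated: checkServerTrusted() does nothing.
    if any(b in ('', 'return;') for b in method_bodies(src, 'checkServerTrusted')):
        found.add('no-cert-check')
    # 2. Hostname never validated: verify() unconditionally returns true.
    if any(re.fullmatch(r'return\s+true\s*;', b) for b in method_bodies(src, 'verify')):
        found.add('no-hostname-check')
    # 3. WebView SSL errors ignored: the handler proceeds and never cancels.
    for b in method_bodies(src, 'onReceivedSslError'):
        if re.search(r'\.proceed\s*\(', b) and not re.search(r'\.cancel\s*\(', b):
            found.add('webview-ssl-error-ignored')
    return found
```

A hit is a lead for manual review, not proof: the scanner does not parse Java, so braces inside string literals or validation delegated to another method can mislead it.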
