This includes, for example, the use of static keys for encryption. These keys can be extracted from the app and then used to decrypt the data. This was the case for 21% of the apps. Furthermore, 58% used a weak encryption algorithm, which leaves the apps vulnerable to certain attacks. For a handful of apps, an attack was also developed. One of these apps accepted every SSL certificate presented to it, allowing attackers to perform a man-in-the-middle attack.
According to the researchers, cryptographic vulnerabilities are a serious threat because they increase the effectiveness of other attacks. Through the misuse of SSL, an attacker could, for instance, intercept sensitive information. "This problem is compounded by root exploits in which an attacker rooting a device can determine which apps are installed to send random data for offline decryption," concludes researcher Adrian Mettler.