Title :
A study of SSL Proxy attacks on Android and iOS mobile applications
Author :
Hubbard, John ; Weimer, Ken ; Yu Chen
Author_Institution :
Dept. of Electr. & Comput. Eng., Binghamton Univ., Binghamton, NY, USA
Abstract :
According to recent articles in popular technology websites, some mobile applications function in an insecure manner when presented with untrusted SSL certificates. These non-browser based applications seem to, in the absence of a standard way of alerting a user of an SSL error, accept any certificate presented to them. This paper intends to research these claims and show whether or not an invisible proxy based SSL attack can indeed steal user's credentials from mobile applications, and which types of applications are most likely to be vulnerable to this attack vector. To ensure coverage of the most popular platforms, applications on both Android 4.2 and iOS 6 are tested. The results of our study showed that stealing credentials is indeed possible using invisible proxy man-in-the-middle attacks.
Keywords :
Android (operating system); iOS (operating system); mobile computing; security of data; Android 4.2; SSL error; SSL proxy attacks; attack vector; iOS 6; iOS mobile applications; invisible proxy man; middle attacks; untrusted SSL certificates; user credentials; Androids; Humanoid robots; Mobile communication; Security; Servers; Smart phones; Android; Man-in-the-middle; Mobile Devices; Proxy; SSL; Security; TLS; iOS;
Conference_Title :
Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4799-2356-4
DOI :
10.1109/CCNC.2014.6866553