Security weakness in Android App SSL Implementations

The most common approach to protecting data in transit on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market use these implementations.
A group of researchers, including Sascha Fahl, Marian Harbach, Thomas Muders and Matthew Smith from the Distributed Computing & Security Group at Leibniz University of Hannover, Hannover, Germany, and Lars Baumgärtner and Bernd Freisleben from the Department of Math. & Computer Science at Philipps University of Marburg, Marburg, Germany, have presented a paper reporting that most of these applications contain serious mistakes in the way SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information.
Tests performed on 100 selected apps confirmed that 41 of them were vulnerable to known attacks. The team also built a proof-of-concept tool called MalloDroid that was designed to find the potentially exploitable SSL bugs in Android apps, which they then investigated further to determine whether an attack was in fact possible.
They have successfully captured credentials of American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime.
“It was possible to remotely inject and execute code in an app created by a vulnerable app-building framework,” the authors wrote in their paper, “Why Eve and Mallory Love Android: An Analysis of Android (In)Security”.
It is important to understand the potential risks and then make sure you are fully protected against them. To learn more about what SSL is, download the whitepaper “Beginner Guide to SSL Certificates”.
Article By The Hacker News.
5 Responses to “Security weakness in Android App SSL Implementations”
  1. I have fun with, result in I discovered exactly what I used to be having a look for. You have ended my 4 day long hunt! God Bless you man. Have a great day. Bye

  2. Leon Chambley says:

    I just want to tell you that I am just all new to blogging and honestly loved you’re page. Most likely I’m planning to bookmark your blog . You amazingly have superb writings. Regards for sharing your blog site.

  3. Raphael Wetzel says:

    I just want to mention I am just very new to blogs and certainly liked this web-site. Likely I’m going to bookmark your blog . You actually come with superb well written articles. Thank you for sharing your web page.

  4. NqfaoKJmKl says:

    704947 528659Keep in touch whilst functioning from your own home office with out all of the hassle of purchasing or procurment costly office equipment. Debtors are allowed to apply with their a bad credit score background whenever. 448304

  5. says:

    I do not even know how I ended up here, but I thought this put up was good. I do not know who you are but definitely you are going to a famous blogger should you are not already 😉 Cheers!
