SSL on Mobile is Still a Problem

Security Intelligence has an article on ‘Cracks in the Digital Foundation of the Internet Crumbling the Core’ based on IBM’s X-Force Threat Intelligence Quarterly.

The mobile part of the article mentions the CERT Tapioca tool that allows investigation of man-in-the-middle (MITM) attacks due to apps not correctly validating SSL certificates. This has produced 9,200 new app security vulnerabilities affecting over 2,600 unique vendors.

The article mentions “the unusual apathy mobile app developers seem to be displaying, leaving important banking applications vulnerable to critical disclosures” and “Despite warnings, 10 of the 17 banking applications tracked (59 percent) were still vulnerable four months later”.

Read more technical information on how to check for security exceptions, verify the SSL certificate hostname and use SSL pinning.