CERT/CC Enumerates Android App SSL Validation Failures

  • 4 September 2014

Post by Michael Mimoso September 3, 2014
 
A growing compilation of close to 350 Android applications that fail to perform SSL certificate validation over HTTPS has been put together by the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University. Researcher Will Dormann created a large spreadsheet hosted on the CERT/CC site listing Android applications found on both the Google Play and Amazon stores that fail to validate digital certificates, leaving them exposed to man-in-the-middle attacks.
Dormann said the spreadsheet is a living document and more applications are currently being tested and will be added to the list. On Aug. 21, CERT/CC released a tool called CERT Tapioca that was used to perform man-in-the-middle testing on the Android applications.
 