
Gmail users on iOS at risk of data theft

By Jeremy Kirk
July 11, 2014 05:33 AM ET
 

IDG News Service - Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.

The reason is Google has not yet implemented a security technology that would prevent attackers from viewing and modifying encrypted communications exchanged with the Web giant, wrote Avi Bashan, chief information security officer for Lacoon Mobile Security, based in Israel and the U.S.

Websites use digital certificates to encrypt data traffic using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols. But in some instances, those certificates can be spoofed by attackers, allowing them to observe and decrypt the traffic.

 

ComputerWorld/ Full Read Here/ http://www.computerworld.com/s/article/9249667/Gmail_users_on_iOS_at_risk_of_data_theft


Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

An update with a bit more information about this vulnerability

 

By paganinip on July 12th, 2014

 

"The MITM attack scenario on GMail is composed of the following four steps:
  • Hacker tricks victim into installing a configuration profile containing the root certificate and the details of the server to reroute the traffic to. (Note: to do this, a threat actor can use a variety of social engineering methods such as sending an email, purportedly from the IT department, requesting to install the configuration profile.)
  • Reroutes victim’s traffic through the server under the threat actor’s control, defined by the malicious configuration profile.
  • Creates spoofed certificates which are identified as valid by the victim’s device.
  • Intercepts all traffic between the attacked device and intended server."



Re: Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

Thanks Jasper!

 

 


Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!



Re: Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

You're welcome, BB97.


Gmail app on iOS vulnerable to snooping, thanks to 'certificate pinning' flaw

Summary: Attackers have an easy way to intercept and steal encrypted communications of Google's Gmail users on iOS.

By Liam Tung July 11, 2014

 

Image: Lacoon mobile security

 

Google has left out a key security measure in its Gmail app for iOS, leaving users exposed to attackers standing between their encrypted communications and Google's servers.

According to mobile security firm Lacoon, Google is aware of a security gap in its Gmail app on iOS, one which it has already closed in its equivalent app for Android.

The problem, according to Lacoon researcher Avi Bashan, is that Gmail on iOS currently lacks what's known as 'certificate pinning' — a well-known measure that developers can build into their apps to mitigate attacks that dupe victims into installing a malicious configuration profile.

 

Full Article

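The certificate pinning check described in the articles above, as an added Python example (not code from the quoted articles, Lacoon, or the Gmail app): the client keeps normal chain validation and additionally compares the server certificate's SHA-256 fingerprint against a set built into the app, so a certificate chained to a profile-installed root is rejected even though the device trust store accepts it. The names `cert_pin`, `pin_matches`, `open_pinned` and the sample byte strings are assumptions made for illustration, and this variant pins the whole leaf certificate rather than its public key.

```python
import base64
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Chain validated, but the server certificate is not one the app pinned."""


def cert_pin(der_cert: bytes) -> str:
    """Base64 SHA-256 fingerprint of a DER-encoded certificate."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pinned: frozenset) -> bool:
    """True if the certificate's fingerprint is in the pin set."""
    got = cert_pin(der_cert)
    # Compare against every pin (current and backup) in constant time.
    return any([hmac.compare_digest(got, pin) for pin in pinned])


def open_pinned(host: str, pinned: frozenset, port: int = 443) -> ssl.SSLSocket:
    """Connect with normal validation, then additionally enforce the pin."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # The trust store accepted the chain; the pin decides whether the app does.
    if not pin_matches(tls.getpeercert(binary_form=True), pinned):
        tls.close()
        raise PinMismatch(f"unexpected certificate presented for {host}")
    return tls


# Constructed stand-ins for DER bytes (not real certificates).
GENUINE_LEAF = b"constructed: leaf issued by the service's real CA"
SPOOFED_LEAF = b"constructed: leaf issued by a profile-installed root"
PINNED = frozenset({cert_pin(GENUINE_LEAF)})
```

A pin set should carry at least one backup fingerprint so that a planned certificate rotation does not lock the app out.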