Hackers of India

Mobile SSL Failures

By  Tushar Dalvi  , Tony Trummer  on 21 Nov 2014 @ Deepsec


Presentation Material

Abstract

Mobile SSL Failures Failure to validate Certificate Authorities - Approximately 40 well-known apps Failure to validate Certificate Hostnames - Approximately 40 well-known apps Failure to encrypt at all - Tens of millions passwords and credit cards Recent FTC settlement related to this topic Review of why physical security isn’t assured with mobile - Smudge attacks