Many people have heard about mobile man-in-the-middle (MiTM) attacks but aren’t sure just exactly what they are or how they happen. Learn more including the development and security issues that can leave apps vulnerable to MiTM attacks, tips for testing and the layers of network defense that can help you avoid these issues.
Nearly all mobile apps interact with backend systems and require secure communications. One best practice for developers to safeguard network communications is to implement certificate pinning in their apps. Certificate pinning protects against attackers intercepting sensitive data via man-in-the-middle (MiTM) attacks. Learn more here.
Recent news stories have brought attention to a research paper (“Spinner: Semi-Automatic Detection of Pinning without Hostname Verification”) published this week highlighting man-in-the-middle (MITM) vulnerabilities in a number of public mobile apps. The vulnerability springs from a failure to validate that the hostname on the certificate matches the actual host to which an app connects.
Implementing certificate pinning in mobile apps that handle highly sensitive data provides too much benefit to be passed over. Users can be tricked into installing a malicious self-signed certificate on a mobile device, setting the stage for a man-in-the-middle attack. In those situations, certificate pinning can still prevent the interception of an app’s network traffic.
PRIVACY DISCLOSURE: NowSecure uses first party and third party cookies to provide functions of this website and our services, to uniquely identify visitors, to analyze use of our website, and to target our marketing. You can choose to block cookies using your browser settings. By continuing to use our website or services you indicate your agreement. To learn more about the cookies we use and how we may collect and use your personal data, visit our Privacy Policy
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.