back to article Microsoft, eBay apps open to man-in-the-middle diddle

At least 350 Android apps are open to man-in-the-middle MITM attacks, thanks to code that fails to validate certificates over secure sockets layer (SSL), says US Computer Emergency Response (CERT) security pro Will Dormann. The apps can be found in the Google Play and Amazon stores and have been included in a continually …

  1. John Robson Silver badge

    Users could...

    "The information could allow users to uninstall affected apps until fixes were produced or could run it over trusted networks."

    If only you could rely on apps shutting down, and actually being shut down.

    1. dotdavid

      Re: Users could...

      Not really sure what you're referring to. Uninstalling an app, on Android anyway, does indeed ensure it is "shut down".

  2. batfastad

    US CERT

    When he says "If an attacker is interested in performing MITM attacks, they're already doing it", presumably he's including the NSA in with "attackers".

    1. Anonymous Coward
      Anonymous Coward

      Re: US CERT

      For all we know, the NSA may have a direct attack against SSL, and not need MITM.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021