browser)
User-in-the-Middle
A different form of attack puts a human between two automated processes so
that the human unwittingly helps spammers register automatically for free
email accounts.
Explain how mobile is subject to man-in-the-middle attacks
Man-in-the-middle attacks are not new. They have been around for a few years
now, but have been mostly restricted to computers and laptops. With mobile
growing at a fast pace, there has been a shift in emphasis to hacking mobile
devices. This is particularly worrying because it gives access to a lot of
information, such as personal identity, location and messages. In fact,
hackers can also eavesdrop on conversations.
Mobile apps need to communicate with remote servers in order to function, and
most use HTTPS to do so securely. Problems arise, however, when apps fail to
use standard authentication methods properly. Some, for example, don’t
reliably check the certificate that proves a server is what it says it is.
Others fail to properly verify their server’s hostname.
To be secure, mobile apps have to validate the hostname, ensure the certificate
matches the server’s hostname, and ensure the certificate is trusted by a valid
root authority.
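
The checks listed above, as an added example that is not part of the original document: a client TLS configuration that performs all of them, beside the two broken configurations the text describes, with a small audit function that reports which check is missing. Python's standard ssl module stands in for the mobile platform's TLS API, and all function names are hypothetical.

```python
import socket
import ssl

def strict_context():
    """Correct client: trusted-root chain validation plus hostname matching."""
    ctx = ssl.create_default_context()    # loads the system's trusted roots
    ctx.verify_mode = ssl.CERT_REQUIRED   # reject untrusted or missing certificates
    ctx.check_hostname = True             # certificate must name the server
    return ctx

def no_validation_context():
    """Broken: accepts any certificate, so any interceptor can pose as the server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # has to be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    """Broken: chain is validated, but a valid certificate for any other
    hostname is accepted as if it belonged to this server."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def audit(ctx):
    """Return the list of checks from the text that this context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted roots")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings

def peer_certificate(host, port, ctx, timeout=5.0):
    """Connect and return the validated peer certificate as a dict.

    server_hostname is the name the certificate is matched against; with
    strict_context() a failed check raises ssl.SSLCertVerificationError
    before any application data is sent.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for make in (strict_context, no_validation_context, chain_only_context):
        print(make.__name__, "->", audit(make()) or "all checks enabled")
```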