Four ways to bypass Android SSL. Verification and Certificate Pinning
Similar resources
CertShim: Securing SSL Certificate Verification through Dynamic Linking
Recent discoveries of widespread vulnerabilities in the SSL/TLS protocol stack, particularly with regard to the verification of server certificates, have left the security of the Internet’s communications in doubt. Newly proposed SSL trust enhancements address many of these vulnerabilities, but are slow to be deployed and do not solve the problem of securing existing software. In this work, we pro...
An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities
Computing platforms such as smartphones frequently access Web content using many separate applications rather than a single Web browser application. These applications often deal with sensitive user information such as financial data or passwords, and use Secure Sockets Layer (SSL) to protect it from unauthorized eavesdropping. However, recent studies have confirmed a wide-spread misconfigurati...
Harvesting SSL Certificate Data to Identify Web-Fraud
Web-fraud is one of the most unpleasant features of today’s Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright sinister (especially, when typosquatting is combined with phishing). This paper presents a novel technique to detect web-fraud domains that utilize HTTPS. T...
Leveraging DNS for timely SSL Certificate Revocation
Trust in SSL-based communication on the Internet is provided by Certificate Authorities in the form of signed certificates. When an organization uses an SSL certificate, it protects users’ sensitive information by encrypting all traffic between its servers and the users’ web browser. Sadly, current web browsers’ approaches to check the revocation status of a certificate suffer from certain per...
Harvesting SSL Certificate Data to Mitigate Web-Fraud
Web-fraud is one of the most unpleasant features of today’s Internet. Two eminent examples of web-fraudulent activities are phishing and typosquatting. Phishing aims to elicit sensitive information from users by presenting them with mock-ups of legitimate web sites. Typosquatting is the nefarious practice of fielding web sites with names closely resembling those of legitimate and popular Intern...
Journal
Journal title: Transfer of Innovative Technologies
Year: 2020
ISSN: 2664-2697,2617-0264
DOI: 10.32347/tit2020.31.0302