Mobile users exposed: SSL/TLS vulnerabilities live on

Our lead Key Topic discusses cryptographic vulnerabilities in popular mobile apps that allow cybercriminals to establish man-in-the-middle attacks when users sign on to their mobile apps’ companion websites. Poor programming practices by these app developers expose their users to a variety of SSL/TLS vulnerabilities such as BERserk and Heartbleed, which relate to the formation of secure sessions. As a result, all communications between the mobile apps and their websites, including usernames and passwords, are potentially viewable by cybercriminals. This exposure, coupled with the commercial availability of mobile malware source code and the McAfee Labs prediction that mobile malware generation kits will soon be offered on the dark web, is a recipe for theft and could lead to an erosion of trust in the Internet.
You can read the entire report here: