l**n Posts: 7272 | 1 FYI:
https://threatpost.com/en_us/blogs/research-shows-serious-problems-android-app-ssl-implementations-101912
"There are thousands of apps in the Google Play mobile market that contain
serious mistakes in the way that SSL/TLS is implemented, leaving them
vulnerable to man-in-the-middle attacks that could compromise sensitive user
data such as banking credentials, credit card numbers and other information.
Researchers from a pair of German universities conducted a detailed
analysis of thousands of Android apps and found that better than 15 percent
of those apps had weak or bad SSL implementations. The researchers conducted
a detailed study of 13,500 of the more popular free apps on Google Play,
the official Android app store, looking at the SSL/TLS implementations in
them and trying to determine how complete and effective those
implementations are. What they found is that more than 1,000 of the apps
have serious problems with their SSL implementations that make them
vulnerable to MITM attacks, a common technique used by attackers to
intercept wireless data traffic. In its research, the team was able to
intercept sensitive user data from these apps, including credit card numbers,
bank account information, PayPal credentials and social network
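credentials."
a********m Posts: 15480 | 2 It's all OpenSSL inside the OS, right? If it's insecure, Mac OS X is the same. If an app uses some other library for its SSL, you can't blame the OS for that, right?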