Man In the Middle Attacks

by Brian Contos, AppDome VP of Customer Engagement and IDG Contributor


Man in the middle attacks (MiTM) are a popular method for hackers to get between a sender and a receiver. MiTM attacks, which are a form of session hijacking, are not new. However, what might not be known is that mobile devices are vulnerable to MiTM attacks too. In particular, mobile apps are vulnerable to MiTM attacks.

As part of a series on mobile security I’ve written about other mobile-based attacks here:

Man in the middle attacks

OWASP has one of the simplest and best definitions of a MiTM attack: “The man-in-the-middle attack intercepts a communication between two systems.” You might also hear this referenced as a malicious proxy. Edward J. Zaborowski gave a presentation on this topic at DEF CON titled Malicious Proxies.

Proxies

A proxy by design simply intercepts a request from a sender to a receiver.

  • On behalf of the sender the proxy makes a request to the receiver.
  • The proxy receives a response from the receiver.
  • Finally, the proxy delivers that information to the sender.

A malicious proxy works the same way. It can intercept, send, receive and modify data without the sender or receiver knowing it’s happening. MiTM attacks against mobile apps use malicious proxies in exactly this way.

MiTM and mobile apps

The exact same vulnerabilities that lead to MiTM attacks on traditional devices apply to mobile devices. The cause is generally associated with incorrect certificate validation and leveraging protocols that are not secure such as various flavors of SSL and early versions of TLS.

For mobile apps to thwart these types of attacks it’s important to look at how the mobile app performs authentication of the server. Leveraging certificate pinning within the mobile app, for example, helps ensure that the mobile app is communicating with the host it expects to be communicating with.

On the mobile device, within the mobile app, certificate pinning links the certificate to the destination’s hostname to create trust. This is generally done when the app is developed at a time when the pinning relationship is known to be valid. There is little reason to do this later when a malicious proxy is already in place.

It’s important to have pinning between the certificate and the server’s hostname and validation that the certificate is from a valid root authority. All of these controls can and should be built directly into the mobile app. Even with other controls in place like whitelisting, certificate pinning is needed to thwart MiTM attacks. For additional information on certificate and public key pinning check out OWASP.
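The following is an added example of the pinning approach described above, written for an Android app using the OkHttp client library; it is not code from the article or from Appdome. The hostname `api.example.com`, the endpoint path and both pin values are placeholders (the real pins are the Base64 SHA-256 of the backend key's SubjectPublicKeyInfo, computed at build time).

```kotlin
// Added example (not from the article or Appdome): certificate pinning in an
// Android app with OkHttp. Hostname, path and pin values are placeholders.
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import okhttp3.Request
import java.io.IOException
import javax.net.ssl.SSLPeerUnverifiedException

// A pin is "sha256/" + Base64(SHA-256(SubjectPublicKeyInfo DER)) of the
// server's leaf or intermediate certificate. Both values are placeholders;
// the second pin is a backup key so a planned rotation does not lock users out.
private const val API_HOST = "api.example.com"  // placeholder hostname
private const val PRIMARY_PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
private const val BACKUP_PIN = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="

// Pins are bound to the hostname: a certificate that is valid for some other
// host, or a proxy's certificate for this host signed with any other key, is
// rejected before a single request byte is sent.
val pinnedClient: OkHttpClient = OkHttpClient.Builder()
    .certificatePinner(
        CertificatePinner.Builder()
            .add(API_HOST, PRIMARY_PIN)
            .add(API_HOST, BACKUP_PIN)
            .build()
    )
    .build()

// OkHttp checks the pins only after the normal TLS handshake has validated the
// chain against the device trust store and the hostname has been verified, so
// pinning is an additional control on top of root-authority validation, not a
// replacement for it.
fun fetchAccount(): String? {
    val request = Request.Builder().url("https://$API_HOST/v1/account").build()
    return try {
        pinnedClient.newCall(request).execute().use { response ->
            if (!response.isSuccessful) null else response.body?.string()
        }
    } catch (e: SSLPeerUnverifiedException) {
        // Pin mismatch: the connection was never used. Record it as a possible
        // interception; never fall back to an unpinned client.
        null
    } catch (e: IOException) {
        null
    }
}
```

The pins ship inside the app, which is the point the article makes: the trust relationship is fixed at build time, when it is known to be valid. On Android 7.0 and later the same pins can instead be declared in `res/xml/network_security_config.xml` with a `<pin-set>`; in either form a mismatch surfaces as a failed TLS connection, and the app should treat that as a signal of a possible malicious proxy rather than retry without pinning.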
