SSL Certificate

SSL Vulnerability in Kaspersky iOS App that leads to MitM attacks

August 8, 2016 | By Comodo SSL

A new vulnerability, an SSL vulnerability, has been detected in the Kaspersky Safe Browser iOS app. As per reports, this vulnerability could in effect lead to MitM attacks.

SSL

What are MitM attacks?

MitM (Man-in-the-Middle) attacks, as the name suggests very clearly, happens when there is a man, an attacker (hacker) who gets in between two parties who are communicating with each other. As regards computer security, we can say that a Man-in-the-Middle attack is a type of cyber-attack where a malicious hacker comes in between two parties in a conversation as a relay/proxy, impersonates them both and gains access to information that is being communicated. Data that is being sent or data that is not at all meant to be sent is thus accessed without either party knowing it until it is too late. MitM attack begins when the attacker gets into a communication as it is just beginning and just as one of the parties is asking for the other’s public key. The attacker intercepts the communication, alters it and delivers it to the other party. The message is delivered with the attacker’s public key and the recipient encrypts the next message using that key. Thus it becomes easy for the attacker to intercept the communication very easily and steal data that is being communicated. Altering the communication can also lead to the attacker coaxing either of the parties or both of them to divulge data that was not meant to be communicated.

How the SSL vulnerability in the Kaspersky iOS app works

As per security researcher David Coomber, who had spotted the SSL certificate vulnerability in the  Kaspersky Safe Browser iOS app, the flaw (CVE-2016-6231) could lead to an attacker performing  Man-in-the-Middle attacks. This is done when the attacker presents a bogus SSL certificate for a secure website and this bogus SSL certificate gets accepted by the application. Well, how does this bug happen? This SSL certificate bug happens only because the Kaspersky app (version 1.6.0 and below) does not validate SSL certificates it receives when connecting to secure sites. The result? The attacker can easily intercept the information exchanged between the app and the server hosting the website and thus data like usernames, passwords etc can be easily stolen.

Kaspersky had said that this SSL certificate vulnerability could have been exploited only if users open any malware HTTPS link which is not detected by antiphishing or antimalware engines embedded in the app.

After being notified by David Coomber, Kaspersky has resolved the issue and the latest version of its iOS app (v1.7.0) is free of it. ”

Wildcardssl

<<
Employee habits put corporate security in peril

Building ssl error checker for verified connections >>

Posted in SSL Certificate

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory