Having an SSL certificate doesn't mean that the website you are visiting is not a bogus website. SSL certificates protect web users in two ways: they encrypt sensitive information such as usernames, passwords, or credit card numbers, and they also verify the identity of websites.
But today hackers and cyber criminals are using every trick to steal your credentials, deploying fake SSL certificates on bogus websites that impersonate social media, e-commerce, and even bank websites.
Netcraft security researchers have discovered dozens of fake SSL certificates being used to impersonate financial institutions, e-commerce site vendors, Internet Service Providers and social networking sites, which allegedly allows an attacker to carry out man-in-the-middle attacks.
When you visit a bogus website that has a self-signed fake SSL certificate from any popular web browser, you will see a foreboding warning in the browser, but traffic can also originate from apps and other non-browser software that fail to adequately check the validity of SSL certificates.
These fake SSL certificates are not digitally signed by a trusted certificate authority, so if you are accessing a sensitive website from your smartphone apps or any other non-browser software, you may be at great risk.
"Online banking apps for mobile devices are tempting targets for man-in-the-middle attacks, as SSL certificate validation is far from trivial, and mobile applications often fall short of the standard of validation performed by web browsers. 40% of iOS-based banking apps tested by IO Active are vulnerable to such attacks because they fail to validate the authenticity of SSL certificates presented by the server. 41% of selected Android apps were found to be vulnerable in manual tests by the Leibniz University of Hannover and Philipps University of Marburg in Germany. Both apps and browsers may also be vulnerable if a user can be tricked into installing rogue root certificates through social engineering or malware attacks, although this kind of attack is far from trivial on an iPhone." Netcraft researchers said.
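The validation gap described above can be checked in client code before it ships. The following is an added example, not code from Netcraft or the original article: it uses Python's standard `ssl` module to build a client configuration that validates certificates, two that reproduce the failure modes, and a small audit function that tells them apart. All function names are hypothetical.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Verify the certificate chain against the system trust store and
    check that the certificate matches the hostname being contacted."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def accept_anything_context() -> ssl.SSLContext:
    """Failure mode from the article: any certificate is accepted,
    including a self-signed one not issued by a trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def chain_only_context() -> ssl.SSLContext:
    """Subtler failure mode: the chain is validated, but a valid
    certificate issued for any other domain would also be accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return the validation steps this client configuration skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


if __name__ == "__main__":
    for build in (hardened_client_context, accept_anything_context,
                  chain_only_context):
        print(build.__name__, audit_client_context(build()) or "ok")
```

A context with no findings makes the TLS handshake fail with `ssl.SSLCertVerificationError` when the server presents a self-signed or mismatched certificate, which is the non-browser equivalent of the browser warning.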
Source: THN