SSL Security Still Not Adequately Addressed by Many Mobile Apps
Page 1 of 1
Intel Security published a new report on February 24, shedding light on the continuing lack of proper transport layer security for mobile apps.
In September of 2014, the Computer Emergency Response Team (CERT) at Carnegie Mellon University publicly identified a list of multiple mobile apps that had having SSL (Secure Socket Layer) security issues. In January of 2015, Intel Security's McAfee Labs tested the 25 most popular apps from the CERT list and found that 18 of them still have SSL security issues. The SSL security issues could potentially enable an attacker to intercept user data that is supposed to be traveling over a secured SSL connection.
"It’s very hard to know the reasons but often problems like these can be down to the fact the app is no longer actively being developed – end of life’d or no longer supported, however many of the apps we researched were very much active and in development," Raj Samani, VP and CTO Intel Security, told eWEEK. "In this case it is most likely that they have other priorities, unfortunately."