What are mobile man-in-the-middle attacks – and how dangerous are they?
If you ever work on a mobile device, you are a potential target of mobile man-in-the-middle attacks. Here’s what you need to know.
Businesses have known for a long time that public Wi-Fi is one of the weakest links in mobile security. But what is proving even weaker is public awareness of just how vulnerable those connections can be.
According to iPass, which tracks the global growth of Wi-Fi, there are now 339,797 Wi-Fi hotspots in the UK, representing a growth of 131% since 2013.
But a recent report by Action Fraud, the UK's national fraud and internet crime reporting centre, highlighted a lack of awareness about the potential security vulnerabilities of public Wi-Fi.
In particular, the report called out research by Ofcom in which only 23% of people felt public Wi-Fi was less secure than their own personal internet connection, and only a quarter were conscious of the things they need to avoid doing whilst using it.
There has recently been an uptick in both the frequency and severity of a particular kind of attack, the man-in-the-middle (MitM) attack, which according to Action Fraud represents one of the most common threats on public Wi-Fi.
Simply put, by listening in and intercepting a mobile device's traffic via a rogue hotspot, hackers can intercept data flowing to and from the device's browser and apps to hoover up sensitive information.
This lack of public awareness can have serious repercussions for the enterprise. If employees are careless about accessing public Wi-Fi on their personal devices, you can be sure the same is happening on their work devices.
MitM attacks have been on the security radar for years, but have historically mainly affected laptops. While IP and data loss is a serious concern, a shift in emphasis to mobile devices is particularly worrying as they could allow a hacker to identify a person’s location, intercept messages or even eavesdrop on conversations.
A MitM occurs when a hacker inserts a computer between your device and the web server it’s trying to communicate with. Mobile apps need to communicate with remote servers in order to function, and most use HTTPS to do so securely.
Problems arise, however, when apps fail to use standard authentication methods properly. Some, for example, don’t reliably check the certificate that proves a server is what it says it is. Others fail to properly verify their server’s hostname.
To be secure, mobile apps have to validate the hostname, ensure the certificate matches the server’s hostname, and ensure the certificate is trusted by a valid root authority.
Without this, there’s no way for the app or device to know if its data is being hijacked and sent to another website. Apple and Android have made this validation easier for developers with a ‘certificate pinning’ policy, but the additional operational overhead has limited adoption (along with some theoretical attacks against certificate pinning).
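The three checks above (a chain trusted by a known root, a certificate that matches the dialled hostname, and optional pinning of the expected certificate) map directly onto settings of a TLS client. The following is an added example written for this article, not code from Wandera or from any app the article mentions; it uses Python's standard `ssl` module as a stand-in for a mobile HTTP stack, and the pin values, the `open_pinned_connection` helper and its host argument are assumptions for illustration. The lax context is the "ignore any SSL errors" pattern the article says most apps fall into; the strict context is the corrected form.

```python
"""Server-authentication checks for an HTTPS client: lax vs. strict.

Added example, not the article's own code. The checks correspond to:
  1. chain trusted by a root authority  -> verify_mode = CERT_REQUIRED
  2. certificate matches the hostname   -> check_hostname = True
  3. optional certificate pinning       -> compare the leaf's SHA-256
"""
import hashlib
import socket
import ssl

# Constructed placeholder pins (SHA-256 of the server's leaf certificate in
# DER form). A real app would ship the fingerprint of its own server
# certificate and rotate it before the certificate is renewed.
EXPECTED_PINS = {"0" * 64}


def lax_client_context() -> ssl.SSLContext:
    """The vulnerable pattern: accept any certificate, from anyone.

    A rogue hotspot can present its own certificate for the app's server
    and this client will never notice.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # "ignore SSL errors"
    return ctx


def strict_client_context() -> ssl.SSLContext:
    """The corrected pattern: chain must validate to a trusted root and the
    certificate must name the host the app actually dialled."""
    ctx = ssl.create_default_context()  # loads the platform root store
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Quick audit of a context: both mandatory checks must be on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def certificate_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins: set) -> bool:
    """Third check: the presented leaf certificate is one we expected."""
    return certificate_fingerprint(der_cert) in pins


def open_pinned_connection(host: str, port: int = 443, pins: set = EXPECTED_PINS):
    """Connect with the strict context, then enforce the pin on the leaf.

    Hostname and chain validation happen inside wrap_socket(); a mismatch
    raises ssl.SSLCertVerificationError before any application data flows.
    (Hypothetical helper; not run in the test because it needs a network.)
    """
    ctx = strict_client_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    leaf = tls.getpeercert(binary_form=True)
    if not pin_matches(leaf, pins):
        tls.close()
        raise ssl.SSLError("server certificate does not match any pinned fingerprint")
    return tls
```

Note the ordering in `lax_client_context`: `check_hostname` has to be switched off before `verify_mode` can be set to `CERT_NONE`, which is exactly why this pattern shows up in code as two lines copied from a forum answer. Auditing a client for `check_hostname = False` or `CERT_NONE` (and their equivalents in mobile HTTP libraries) is a cheap way to find the apps the article describes.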
Who’s at risk?
Essentially, everyone in the mobile enterprise is a potential target, but the most vulnerable are those in senior or executive positions in business and government.
Hackers are on the lookout for anyone who deals with sensitive information – particularly those who might have access to trade secrets or financial data. Anyone who works in R&D or product development should also be cautious.
The problem is very real. It’s been estimated that nearly three quarters of the top 1,000 free apps in Google Play don’t check server certificates, and nearly three quarters of those ignore any SSL errors that pop up when they communicate with the app server.
And before we start wagging fingers too vigorously at Android, Apple iOS devices seem to be just as MitM prone. A vulnerability discovered in April 2015 affected how approximately 1,500 iOS apps established their secure connections to servers. It meant that anyone intercepting data from an iPhone or iPad could access logins and other personal information transmitted via HTTPS.
Some of the suspicious behaviour noted recently has all the hallmarks of previous hacking attempts carried out by certain state actors, and seems particularly focused on strategically important sectors such as aerospace and transport. Even the NSA is rumoured to have used MitM methodologies to install spyware on targeted devices around the globe.
So what can I do?
Standard protection methods like secure containers, wrappers and mobile anti-virus solutions just don’t go far or deep enough to protect against these emerging threats. New forms of MitM continue to evolve and major new attacks are being discovered frequently. The best protection, of course, is prevention in the first place.
Don’t auto connect. Avoiding the use of free Wi-Fi hotspots and automatic connections is a good start, as is ignoring unexpected communications, not jailbreaking phones and not using apps from untrusted sources.
Sourced from Eldar Tuvey, CEO, Wandera