6

Consider the following scenario.

  1. Eve creates an access point in a public place.
  2. Alice connects to the AP via mobile phone and starts browsing the Web.
  3. Eve redirects Alice to a registration page and suggests that Alice read and accept the terms and conditions, bla-bla, and install an SSL certificate.
  4. Since Alice is an ordinary mobile user, she thoughtlessly installs the certificate (she just clicks the Okay button since the registration message contains more than 140 characters). Most importantly, it's a one-step procedure on most mobile devices.
  5. Now Eve can perform a MITM attack. She can hijack HTTP(S) traffic.

Consider yourself Bob's mobile application developer. How can we prevent the described attack? Can we even do that? Feel free to suggest your solution for any mobile OS.

newbie

1 Answer

6

If you're the application developer, the best you can probably do is pin the certificate, meaning if you see any certificate other than a specific one you know and trust (e.g. by comparing thumbprint or public key), drop the connection and get out of there.

Otherwise you're relying on a system that you have proven to be broken, as per your example. There are some practical issues with your attack though, in that installing a root certificate is a wee bit more complicated than a single click and hopefully users aren't that dum--nevermind.

Steve
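The thumbprint pinning check described in the answer above, as an added example that is not part of the original answer. It assumes a SHA-256 thumbprint over the server's DER-encoded certificate; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(ssl.SSLError):
    """Raised when the server certificate is not one of the pinned ones."""


def thumbprint(der_cert: bytes) -> str:
    """SHA-256 thumbprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def is_pinned(der_cert: bytes, pins) -> bool:
    """True if the certificate's thumbprint matches any pinned value."""
    if not der_cert:
        return False
    seen = thumbprint(der_cert)
    # Accept pins written as "AA:BB:..." or "aabb...".
    wanted = [p.replace(":", "").strip().lower() for p in pins]
    return any(hmac.compare_digest(seen, w) for w in wanted)


def open_pinned(host: str, port: int, pins, timeout: float = 10.0):
    """Connect with normal chain and hostname validation, then enforce the pin.

    The pin is checked before any application data is sent, so a certificate
    that chains to a CA added to the device trust store is still rejected.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not is_pinned(tls.getpeercert(binary_form=True), pins):
        tls.close()  # drop the connection, as the answer advises
        raise PinMismatch(f"certificate for {host} does not match any pin")
    return tls


# Constructed sample data: stand-in byte strings, not real certificates.
GENUINE_DER = b"constructed-der-bytes-of-bobs-server-certificate"
ROGUE_DER = b"constructed-der-bytes-of-cert-signed-by-eves-ca"
PINS = [thumbprint(GENUINE_DER).upper()]  # pin shipped inside the app
```

A pin on the whole certificate has to be updated in the app whenever the server certificate is renewed, so shipping more than one pin (current and next) avoids locking users out.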