Certificate Pinning Archives - Security Affairs

Pierluigi Paganini March 26, 2019

Whitehat settings allow white hat hackers to Test Facebook mobile apps

Facebook introduced new settings designed to make it easier for cyber experts to test the security of its mobile applications. Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications. To protect Facebook users, the mobile apps of the company implement […]

Pierluigi Paganini May 20, 2018

Misconfigured CalAmp server allowed hacker to take over a lot of vehicles

Security researchers discovered that a misconfigured server operated by the CalAmp company could allow anyone to access account data and takeover the associated vehicle. CalAmp is a company that provides backend services for several well-known systems. Security researchers Vangelis Stykas and George Lavdanis discovered that a misconfigured server operated by the CalAmp company could allow anyone to access […]

Pierluigi Paganini May 17, 2016

Bank Hack – How to steal $25 Billion with a few lines of code

A security expert discovered security flaws that could let anyone to steal as much as $25 Billion from one of the biggest Indian banks. The security researcher Sathya Prakash discovered that the critical vulnerabilities reside in the mobile banking application used by the bank customers. Prakash explained that the exploitation of the flaw allowed him to steal […]

Pierluigi Paganini October 15, 2014

Millions Android Cyanogenmod users exposed to MitM attacks due to Code re-use

Researcher explains that vulnerable code re-use of zero-day in Android’s CyanogenMod exposes million users to Man-In-The-Middle attacks. Security experts always discourage jailbreaking and rooting of mobile devices due to the risk related to the installation of not authorized applications that could hide malware and serious bugs. At the Ruxcon Security Conference in Australia, an unnamed security […]

Pierluigi Paganini July 12, 2014

Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

Security experts at Lacoon discovered a vulnerability in the Gmail iOS app which enables a bad actor to perform a Man-in-the-Middle. Google Gmail application for iOS is exposed to risks of Man-in-the-Middle (MitM) attacks which allow bad actors to monitor encrypted email communications. An expert at mobile security firm Lacoon has discovered that version of Gmail […]

Pierluigi Paganini July 10, 2014

Google blocked unauthorized digital certificates issued by NIC India

Google Security experts have detected and blocked unauthorized digital certificates for a number of its domains issued by the NIC of India. Google announced to have blocked unauthorized digital certificates for different of its domains issued by the National Informatics Centre of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA). […]

Pierluigi Paganini April 16, 2014

Intelligence could exploit Whatsapp bug to track users location

A group of researchers discovered a vulnerability in WhatsApp “Location Share” feature which exposes user’s location to the attackers. Security issues related to WhatsApp application are not a novelty, so popular application are continuously targeted by hackers and security experts that search for vulnerabilities to exploit. Early 2014 experts at Praetorian have been conducting the Project Neptune to […]

Pierluigi Paganini February 22, 2014

WhatsApp lack enforcing certificate pinning, users exposed to MITM

Experts at Praetorian have been conducting the Project Neptune to assess the security for designing and maintenance of mobile apps, including WhatsApp. This week the IT was shocked by the acquisition of WhatsApp by Facebook, the popular mobile messaging service was sold for $19 billion, probably this is the value assigned to the information managed by […]

Pierluigi Paganini February 14, 2014

Cybercriminals target mobile applications with fake SSL Certificates

Cybercriminals targeting mobile applications with fake SSL Certificates to run man-in-the-middle attacks against the affected companies and their customers. There is the wrong conviction that SSL certification user can protect users from be tricked to visit a fake website. Netcraft has uncovered numerous attacks based on fake SSL certificates used to impersonate online banking websites, ecommerce , ISPs and […]