THE SAVAGE CURTAIN: MOBILE SSL FAILURES presented at BlackHatMobileSecurity 2015

by Tushar Dalvi, Tony Trummer,

Summary : Organizations are all so anxious to reach their "mobile moment", but are failing miserably at securing the mobile application traffic, in a variety of ways. We will review some of the common pitfalls with mobile application traffic encryption, how to test for vulnerabilities and a fool-proof method on how to prevent your organization from falling victim to these all too common errors. We will also be presenting a novel SSL/TLS attack, which could be used for a semi-permanent, nearly undetectable MitM attacks.
Presentation White Paper