MITM attacks on banking apps

Researchers from the University of Birmingham have discovered that certain banking iOS and Android apps, such as HSBC's, and the TunnelBear VPN app are vulnerable to man-in-the-middle (MITM) attacks.

Attackers can use MITM attacks to steal customer credentials or manipulate network traffic.

According to the Threatpost report, the researchers traced the vulnerability to how the apps implement certificate pinning and perform certificate verification when establishing a Transport Layer Security (TLS) connection.

The researchers further said “certificate pinning can (and often does) hide the lack of proper hostname verification, enabling MITM attacks.” Each of the banks was notified of the flaws, and the vulnerabilities have been fixed.
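To make the researchers' point concrete, here is an added Python illustration (not code from the Threatpost report or the Birmingham research) of a TLS leaf-certificate check that pins a public key but skips hostname verification, beside a hardened check that enforces both. It assumes, for illustration only, that the weak app pins the issuing CA's key; the certificate records and key bytes are constructed stand-ins, not real certificates.

```python
import base64
import hashlib

# Constructed, hypothetical certificate records (NOT real certificates).
# 'spki' stands in for the DER SubjectPublicKeyInfo of the leaf,
# 'issuer_spki' for the public key of the CA that issued it.
CA_SPKI = b"hypothetical-ca-public-key"
BANK_CERT = {"san": ["www.example-bank.test", "*.example-bank.test"],
             "spki": b"hypothetical-bank-leaf-key", "issuer_spki": CA_SPKI}
# A certificate validly issued by the same CA, but for an unrelated site.
OTHER_CERT = {"san": ["shop.example.test"],
              "spki": b"hypothetical-other-leaf-key", "issuer_spki": CA_SPKI}


def spki_pin(spki):
    """HPKP-style pin value: base64(SHA-256(SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()


def hostname_matches(host, san_names):
    """RFC 6125-style DNS-ID matching: exact label match, or a single
    left-most '*' that stands for exactly one label (never the apex)."""
    host_labels = host.lower().rstrip(".").split(".")
    for name in san_names:
        labels = name.lower().rstrip(".").split(".")
        if labels == host_labels:
            return True
        if (labels[0] == "*" and len(labels) > 2
                and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False


def verify_leaf(cert, expected_host, pins, check_hostname=True):
    """Accept the leaf only if a pinned key matches AND (when enabled)
    the SAN list covers the host the app intended to reach."""
    if spki_pin(cert["spki"]) not in pins and spki_pin(cert["issuer_spki"]) not in pins:
        return False
    if check_hostname and not hostname_matches(expected_host, cert["san"]):
        return False
    return True


def weak_app_accepts(cert):
    # Pins the CA key and disables hostname checks: the pin passes for
    # every certificate that CA ever issued, so the pin hides the gap.
    return verify_leaf(cert, "www.example-bank.test",
                       {spki_pin(CA_SPKI)}, check_hostname=False)


def hardened_app_accepts(cert):
    # Pins the bank's own leaf key and keeps hostname verification on.
    return verify_leaf(cert, "www.example-bank.test",
                       {spki_pin(BANK_CERT["spki"])}, check_hostname=True)
```

The weak check accepts OTHER_CERT even though its SAN names a different host, which is exactly the kind of acceptance a proper hostname check would reject.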
