Abstract
The use of mobile devices has undergone rapid growth in recent years. However, on some occasions, security has been neglected when developing applications. SSL/TLS has been used for years to secure communications although it is not a vulnerability-free protocol. One of the most common vulnerabilities is SSL pinning bypassing. This paper first describes some security controls to help protect against SSL pinning bypassing. Subsequently, some existing methods for bypassing are presented and two new methods are defined. We performed some experiments to check the use of security controls in widely used applications, and applied SSL pinning bypassing methods. Finally, we created an applicability framework, relating the implemented security controls and the methods that are applicable. This framework provides a guideline for pentesters and app developers.
Subject
General Physics and Astronomy
Reference: 41 articles.
Cited by
6 articles.