Google Gmail application for iOS is exposed to risks of a Man-in-the-Middle attack which allow bad actors to monitor encrypted email communcations. A security expert at mobile security firm Lacoon has discovered that the version of Gmail for iOS based mobile device does not perform the certificate pinning procedure when establishing a trusted connection to the service provider. By impersonating the legitmate server through using a spoofed SSL certificate, the bad actor can open up the encryption, view, and even modify all communcation in plaintext including passwoords, emails, and chats.

To read more, follow this link

Monday, July 14, 2014

« Back