Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS usage on the Android operating system and applications, as well as on iOS and Windows 8 mobile.
In this podcast recorded at the Hack in the Box conference in Amsterdam, Trummer, who’s a Staff Information Security Engineer at LinkedIn, points out the most common mistakes organizations make when implementing SSL/TLS, and gives instructions on how to avoid them.
He also talks about a new SSL/TLS attack they devised, which attackers can use to gain a temporary MitM position and intercept the customer’s traffic.