MitM Attack
‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans
Richi Jennings | | blast radius, collision-based-hashing-algorithm-disclosure, CVE-2024-3596, hash, hash algorithms, hash function, hash functions, Man In The Middle, man in the middle attack, man in the middle attacks, maninthemiddleattacks, md5 hash, men-in-the-middle attack, mitm, MitM Attack, mitm attacks, RADIUS, SB Blogwatch
MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...
Security Boulevard
Limitations of Huawei HarmonyOS Safety Detect: What You Need to Know
George McGregor | | API Security - Analysis, News and Insights, App Attestation, certificate pinning, HarmonyOS, MitM Attack, Mobile API Security, mobile app security
This overview outlines the development and adoption of Huawei HarmonyOS and the associated security solution Safety Detect, highlighting some limitations with the approach. As regulations such as the EU DMA force the ...
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Richi Jennings | | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
The Limitations of Google Play Integrity API (ex SafetyNet)
George McGregor | | Android Security, API security, API Security - Analysis, News and Insights, man in the middle attack, MitM Attack, mobile app development, SafetyNet
This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by ...
SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec
Richi Jennings | | Authentication, CBC, ChaCha20, chaves ssh, CVE-2023-48795, libSSH, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attack prevention, mitm attacks, openssh, OpenSSH protocol, SB Blogwatch, SSH, Terrapin
Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...
Security Boulevard
The Security Threats to Mobile Crypto Apps and How to Protect Them
George McGregor | | API Security - Analysis, News and Insights, Fintech, man in the middle attack, MitM Attack, Run-time Secrets Protection
The last year has not been great for crypto. Most cryptocurrencies, including Bitcoin, experienced significant loss of value, and we saw high-profile exchanges like FTX collapse. In addition, hackers were ...
‘BrutePrint’ Unlocks Android Phones — Chinese Researchers
Richi Jennings | | android, Authentication, authentication bypass, biometric, biometric authentication, biometric security, biometrics authentication, Biometrics-Based Authentication, BrutePrint, fingerprint, Fingerprint Scanners, fingerprint scanning, fingerprint sensors, fingerprints, iot, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attacks, SB Blogwatch, Trusted Execution Environment
Or, at least, OLDER phones: SPI/TEE MITM FAIL ...
Security Boulevard
What is Runtime Application Self-Protection (RASP)?
Shona Hossell | | API security, API Security - Analysis, News and Insights, MitM Attack, mobile app development, Mobile Security, threats
Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, ...
Mobile App Security: Uncovering the Risks of Secret Theft at Runtime
This is our second blog highlighting the results of the Approov Threat Lab Report ...
Do You Want to Know a Secret? Just Take a Look Inside Top Finance Apps
George McGregor | | A Series - Mobile API Security, API Keys, API security, API Security - Analysis, News and Insights, Business, Fintech, MitM Attack
Financial apps have access to valuable and sensitive personal data, so you would think mobile app security would be top-of-mind for financial institutions. But is it? ...