SSL and TLS protocol based vulnerabilities
Mobile applications and their backend servers communicate with each other over a network. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are most commonly used to authenticate the server and protect that traffic. Even though the data is encrypted, these protocols have a few vulnerabilities. It is possible to intercept a message if an older version of a protocol is used, because the encryption algorithms in older versions are comparatively easy to break. One such vulnerability is narrated below.
A mobile application sends a request to its backend server. An impersonator intercepts the communication and poses as the server. The attacker gets the mobile app to agree to use an older, exploitable version of the protocol. Once the app accepts, it applies that weaker protocol to its messages. As the intruder is already positioned between the app and the server, all that is left is to exploit a known vulnerability in the old version and gain access to the transmitted information. The encryption methodology used in that version of the protocol may be easy to undo, allowing the attacker to decrypt the traffic.
The remedy is to disable support for the older versions of the SSL and TLS protocols. Stronger encryption algorithms, such as AEAD cipher suites, should be used. Data compression should be avoided.
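The three remedies above can be enforced on the client side in a few lines. The following is an added example written for this page, not code from the original text; it uses Python's standard `ssl` module to build a hardened client context that refuses anything below TLS 1.2, disables TLS compression and restricts the cipher list to AEAD suites (AES-GCM and ChaCha20-Poly1305), and it includes an `audit_context()` helper (a name chosen here) that reports whether a given context is still open to the downgrade scenario described above. The cipher string and the `legacy_client_context()` counter-example are assumptions chosen for illustration.

```python
import ssl

# Only AEAD suites for TLS 1.2; TLS 1.3 suites are always AEAD and are not
# governed by set_ciphers() in Python's ssl module. (Cipher string chosen here
# for illustration, not taken from the original text.)
AEAD_TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4"


def hardened_client_context(cafile=None):
    """Client context that applies the page's three remedies."""
    # create_default_context() already enables certificate and hostname checks.
    ctx = ssl.create_default_context(cafile=cafile)
    # Remedy 1: refuse SSLv3 / TLS 1.0 / TLS 1.1, so a fake server cannot
    # negotiate an exploitable version during the handshake.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Remedy 3: never negotiate TLS-level compression.
    ctx.options |= ssl.OP_NO_COMPRESSION
    # Remedy 2: AEAD cipher suites only.
    ctx.set_ciphers(AEAD_TLS12_CIPHERS)
    return ctx


def legacy_client_context():
    """Deliberately permissive context, constructed only to show what the audit flags."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # let the peer pick any version
    return ctx


def audit_context(ctx):
    """Describe the settings that matter for the downgrade scenario on this page."""
    return {
        "minimum_version": ctx.minimum_version.name,
        # Anything below TLS 1.2 means a downgrade to an old version is possible.
        "legacy_versions_allowed": ctx.minimum_version < ssl.TLSVersion.TLSv1_2,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        # get_ciphers() reports an 'aead' flag for every suite the context would offer.
        "non_aead_ciphers": [c["name"] for c in ctx.get_ciphers() if not c["aead"]],
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("legacy", legacy_client_context())):
        print(label, audit_context(ctx))
    # To use the hardened context for a real connection:
    #   with socket.create_connection((host, 443)) as raw:
    #       with hardened_client_context().wrap_socket(raw, server_hostname=host) as tls:
    #           print(tls.version(), tls.cipher())
```

The audit is the check worth keeping in a test suite: a context whose `legacy_versions_allowed` is true, or whose `non_aead_ciphers` list is not empty, is exactly the configuration the impersonating server in the scenario above needs.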