Cyber Defense eMagazine November Edition for 2021

More documents

Recommendations

Info

(Image source: Approov) You might be wondering about the fact that API traffic is normally encrypted using TLS (Transport Level Security). You are right and in TLS there's a whole protocol around ensuring that the mobile app thinks it's talking to a legitimate backend server. However, a MitM can insert themselves into the channel such that the mobile app ends up talking to the MitM actor over an encrypted channel thinking that it's actually the backend server. Thus, the MitM can see all the traffic, potentially modify the traffic, and then transmit that on, again over an encrypted channel back to the backend service. Let’s look at how TLS is supposed to work and how it can be manipulated. When a communication is made from the app to the backend service, there is a certificate that is on your server that's part of an overall trust chain that proves the legitimacy of that particular server and that it actually belongs to the person you say it belongs to. This uses public key infrastructure (PKI) and during the negotiation, a number of different certificates are presented and are checked by the client to prove that they are correct, and this follows a trust chain that ultimately needs to lead to a root certificate authority. The anchor point in terms of trust is the fact that there are a number of certificates which are essentially pre-installed and updated on the mobile device itself from certificate authorities and you only accept the traffic if you have a chain of trust leading there. Now, there are a couple of ways that this trust chain can be subverted. One way is to use a MitM tool, of which there are many, such as mitmproxy. In such cases you’ll be analyzing traffic from a mobile app and you're also controlling the device. Tools such as mitmproxy create a certificate that is installed onto the end user device. Rather than being a certificate from a root certificate authority, it is actually a selfsigned certificate that the tool has made up. You install it into the trust store on the device and then when the tool intercepts traffic, on the fly it will create leaf certificates for the particular domains that you are visiting, which have a chain of trust back to the self-signed certificate authority that you have put on the device. Thus, everything will check out on the trust side and the traffic is redirected to the MitM rather Cyber Defense eMagazine – November 2021 Edition 96 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
than actually going to the server. From there the MitM will then connect to the real server, allowing the traffic to continue but actually there's this proxy in the middle that's seeing all the traffic. You can replay the traffic and you can now modify the traffic if you want. (Image source: Approov) The other way that you can break the trust is if there has been a breach of a certificate authority or a bad issuance of a certificate. One of the weaknesses of the PKI architecture is the fact that there are a large number of root certificate authorities that are installed on the device and if there's a breach in any of those then that could lead to a situation in which a certificate for a domain that you're connecting to you could have an attacker certificate incorrectly issued. So the trust is only as strong as the weakest link. The Benefits of Certificate Pinning Certificate pinning helps mobile app developers protect mobile apps from the MitM attacks described above. However, despite its usefulness, it isn't widely used. Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). The connection is terminated immediately if communication is attempted with any server that doesn't match this "expected" value. Cyber Defense eMagazine – November 2021 Edition 97 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
The Top 3 Cyber Security Mistakes a
Page 3 and 4:
How To Effectively Secure Connected
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - November
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
2. Technology and System It is also
Page 37 and 38:
NetOps Enhances Security Growing nu
Page 39 and 40:
the businesses utilizing an indepen
Page 41 and 42:
Sensitive data exposure and the ser
Page 43 and 44:
You’ve Been Attacked by Ransomwar
Page 45 and 46: ● Stop the bleeding: Segregate th
Page 47 and 48: Digital Transformation Security: Gu
Page 49 and 50: When the partners and solutions hav
Page 51 and 52: Why The Integration of Netops And S
Page 53 and 54: organizations, where siloed operati
Page 55 and 56: How to protect yourself from cyber
Page 57 and 58: Five Cloud Telephony Security Vulne
Page 59 and 60: By encrypting all data end-to-end a
Page 61 and 62: The following signs may indicate a
Page 63 and 64: The 5 Most Common Cyber-Attacks on
Page 65 and 66: social engineering attacks by reduc
Page 67 and 68: throughout your everyday operations
Page 69 and 70: protect critical systems, applicati
Page 71 and 72: • Protect Data There are various
Page 73 and 74: Overcoming the Limitations of VPN,
Page 75 and 76: • VPN cannot limit access control
Page 77 and 78: About the Author Burjiz Pithawala i
Page 79 and 80: A Work in Progress The Advanced Tec
Page 81 and 82: SOAR Into More Integrated Cybersecu
Page 83 and 84: analyst requires more data to reall
Page 85 and 86: Critically, this survey found that
Page 87 and 88: About the Author Mike East is Vice
Page 89 and 90: complete security strategy should i
Page 91 and 92: Financial Institutions Leveraging C
Page 93 and 94: CIAM is an area that is increasingl
Page 95: (Image source: Statista) Attacking
Page 99 and 100: and have complete control over all
Page 101 and 102: What Do Spear Phishing Attacks Look
Page 103 and 104: Our report also suggests that emplo
Page 105 and 106: Keeping Your Guard Up: Protecting A
Page 107 and 108: create significant security risks t
Page 109 and 110: Stop Phishing in its Tracks The Del
Page 111 and 112: Lateral Movement - The Key Element
Page 113 and 114: isolating endpoints, MDR analysts c
Page 115 and 116: When Does a Vulnerability Become a
Page 117 and 118: So, what if I change my query from:
Page 119 and 120: How To Bring Your Own Key to Hybrid
Page 121 and 122: Absence of sole control - is BYOK t
Page 123 and 124: On-premise versus virtual HSMs To b
Page 125 and 126: Protect Data with Deep Packet Inspe
Page 127 and 128: This type of Data Breach Prevention
Page 129 and 130: We buy more products...and we’re
Page 131 and 132: Access over Ownership Cybersecurity
Page 133 and 134: How To Do Disruptive Innovation Rig
Page 135 and 136: 3. Verify all patents, trademarks,
Page 137 and 138: Cyber Defense eMagazine - November
Page 147 and 148:
Page 149 and 150:
CyberDefense.TV now has 200 hotseat
Page 151 and 152:
Books by our Publisher: https://www
Page 153 and 154:
Page 155:
show all

Cyber Defense eMagazine November Edition for 2021

Create successful ePaper yourself

Delete template?

Save as template?