Author(s): David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin, Latifur Khan

Date: 22 Feb 2014

Document Type: Briefing Papers

Associated Event: NDSS Symposium 2014

Abstract:

Many Android apps use SSL/TLS to transmit sensitive information securely. However, developers can override the standard SSL/TLS certificate validation process, introducing vulnerabilities. In this paper, we present SMV-Hunter, a system for the automatic, large-scale identification of such vulnerabilities combining static and dynamic analysis, and evaluate it on 23,418 apps.