Mobile SSL failures: More common than they should be

Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS usage on the Android operating system and applications, as well as on iOS and Windows 8 mobile.

In this podcast recorded at the Hack in the Box conference in Amsterdam, Trummer, who’s a Staff Information Security Engineer at LinkedIn, points out the most common mistakes organizations make when implementing SSL/TLS, and gives instructions on how to avoid them.

He also talks about a new SSL/TLS attack they devised that can be executed by attackers to gain a temporary MitM position and intercept the customer’s traffic.