
Gmail users on iOS at risk of data interception

2014-07-11 11:09 by

Users accessing Gmail on Apple's devices could be at risk of having their data intercepted, a mobile security company said Thursday. Avi Bashan, chief information security officer for Lacoon Mobile Security, said that Google has not yet implemented a security technology, known as 'certificate pinning', that would prevent attackers from viewing and modifying encrypted communications exchanged with the Web giant.

"In particular, in iOS, a threat actor can install a configuration profile which contains the root Certificate Authority (CA). The configuration profile is an extremely sensitive iOS file which allows [them] to re-define system functionality parameters such as device, mobile carrier and network settings. The root CA is what enables the threat actor to create spoofed certificates of legitimate services. It is important to note that the configuration profile is very simple to install. More so, many legitimate enterprise policies demand its installation," Bashan noted.

According to Bashan, the company notified Google of the problem on 24 February and, although Google had recognised and validated the flaw and said it would fix it, it remains open. The company published details of the weakness in the hope of pressuring Google into fixing the issue.

Until a fix is released, enterprises are advised to check the configuration profiles of devices to ensure they don't include root certificates, ensure that a secure channel like a VPN is used when accessing corporate resources, and perform network and device analysis to detect MitM attacks.
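The first of those checks, as an added example (not from the article or from Lacoon): a Python sketch that parses an unsigned `.mobileconfig` profile and lists its certificate payloads, flagging root CAs. The two sample profiles are constructed for illustration; a signed profile would need its CMS wrapper removed before parsing.

```python
import plistlib

# Certificate payload types from Apple's configuration profile format.
# com.apple.security.root carries a root CA, the case the article warns about.
ROOT_TYPE = "com.apple.security.root"
CERT_TYPES = {ROOT_TYPE, "com.apple.security.pkcs1",
              "com.apple.security.pem", "com.apple.security.pkcs12"}

def find_cert_payloads(profile_bytes):
    """Return (payload_type, display_name) for every certificate payload."""
    profile = plistlib.loads(profile_bytes)
    payloads = profile.get("PayloadContent", [])
    if not isinstance(payloads, list):  # e.g. encrypted profile: nothing to inspect
        return []
    return [(p.get("PayloadType"), p.get("PayloadDisplayName", "<unnamed>"))
            for p in payloads
            if isinstance(p, dict) and p.get("PayloadType") in CERT_TYPES]

def installs_root_ca(profile_bytes):
    """True if the profile carries at least one root CA payload."""
    return any(t == ROOT_TYPE for t, _ in find_cert_payloads(profile_bytes))

# Constructed sample: a Wi-Fi payload plus a root CA payload (placeholder bytes).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Corp Settings",
    "PayloadIdentifier": "com.example.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadDisplayName": "Office Wi-Fi"},
        {"PayloadType": ROOT_TYPE,
         "PayloadDisplayName": "Example Root CA",
         "PayloadContent": b"constructed placeholder, not a real certificate"},
    ],
})

# Constructed sample: same profile without any certificate payload.
CLEAN_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{"PayloadType": "com.apple.wifi.managed"}],
})

if __name__ == "__main__":
    for ptype, name in find_cert_payloads(SAMPLE_PROFILE):
        flag = "ROOT CA" if ptype == ROOT_TYPE else "certificate"
        print(f"[{flag}] {name} ({ptype})")
```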
