The Broadband Guide
search advanced
 forgot password?

Gmail users on iOS at risk of data interception

2014-07-11 11:09 by
Tags: ,


Users accessing Gmail on Apple's devices could be at risk of having their data intercepted, a mobile security company said Thursday. Avi Bashan, chief information security officer for Lacoon Mobile Security said that Google has not yet implemented a security technology, known as 'certificate pinning', that would prevent attackers from viewing and modifying encrypted communications exchanged with the Web giant.

"In particular, in iOS, a threat actor can install a configuration profile which contains the root Certificate Authority (CA). The configuration profile is an extremely sensitive iOS file which allows [them] to re-define system functionality parameters such as device, mobile carrier and network settings. The root CA is what enables the threat actor to create spoofed certificates of legitimate services. It is important to note that the configuration profile is very simple to install. More so, many legitimate enterprise policies demand its installation," Bashan noted.

According to Bashan, the company notified Google of the problem on 24 February and although Google had recognised, validated and said it would fix the flaw, it remains open. The company published details of the weakness in the hope of pressuring Google into fixing the issue.

Until the time a fix is released, enterprises are advised to check the configuration profiles of devices to ensure they don't include root certificates, ensure that a secure channel like a VPN is used when accessing corporate resources, and perform network and device analysis to detect MitM attacks.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About