TY - GEN
T1 - Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps
AU - Chothia, Tom
AU - Garcia, Flavio
AU - Heppel, Chris
AU - McMahon Stone, Christopher
PY - 2017/12/23
Y1 - 2017/12/23
N2 - This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users’ PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user’s credentials, login to the bank and perform every operation the legitimate user could.
AB - This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users’ PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user’s credentials, login to the bank and perform every operation the legitimate user could.
U2 - 10.1007/978-3-319-70972-7_33
DO - 10.1007/978-3-319-70972-7_33
M3 - Conference contribution
SN - 9783319709710
T3 - Lecture Notes in Computer Science
SP - 579
EP - 597
BT - Financial Cryptography and Data Security
A2 - Kiayias, Aggelos
PB - Springer
T2 - 21st International Conference on Financial Cryptography and Data Security (FC 2017)
Y2 - 3 April 2017 through 7 April 2017
ER -