SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Many Android apps use SSL/TLS to transmit sensitive information securely. However, developers can override the standard SSL/TLS certificate validation process, introducing vulnerabilities. In this paper, we present SMV-Hunter, a system for the automatic, large-scale identification of such vulnerabilities combining static and dynamic analysis, and evaluate it on 23,418 apps.