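7. CCS'12 paper
• Among popular apps that communicate over SSL:
– 1,074 accept all certificates or all hostnames, making MITM possible
– About 41% can be effectively attacked
– 39.5 million to 185 million users are affected
– Including American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, and others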
Source: S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgärtner, and B. Freisleben, "Why Eve and Mallory love Android: an analysis of Android SSL (in)security," presented at CCS '12: Proceedings of the 2012 ACM Conference on Computer and Communications Security, 2012.
ISF2012 • Shanghai. The Current State of Android Software Security Attack and Defense Research - 肖梓航 (Xiao Zihang)