New attack allows HTTPS session hijacking on mobile

Posted on September 13, 2012 by Tom

If you use your phone or other mobile device to access secure sites (HTTPS) like banking, you should be aware that a new attack has been discovered against HTTPS on mobile web browsers. The attack, called CRIME, targets TLS compression/SPDY and allows attackers to decrypt secure data streams. The concern is that most, if not all, mobile systems are vulnerable.

Desktop browsers like Chrome and Mozilla have been patched for this and IE doesn’t support TLS compression/SPDY at all. Safari doesn’t support SPDY but its TLS compression support is unknown.

Creative Commons License
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

About Tom

The best that can be said is that the less said, the better.
This entry was posted in Gadgets, Security and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Maximum 2 links per comment. Do not use BBCode.