Why Banker Bob (Still) Can't Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps

@inproceedings{Chothia2017WhyBB,
  title={Why Banker Bob (Still) Can't Get TLS Right: A Security Analysis of TLS in Leading UK Banking Apps},
  author={Tom Chothia and Flavio D. Garcia and Chris Heppel and Chris McMahon Stone},
  booktitle={Financial Cryptography},
  year={2017}
}
This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find an app that pins a TLS root CA certificate, but does not verify the hostname. In this case, the use of…
Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications
TLDR
A large-scale in-depth investigation of the effectiveness of Google Play’s countermeasures against man-in-the-middle attacks finds that Play does not effectively block vulnerable apps.
Spinner: Semi-Automatic Detection of Pinning without Hostname Verification
TLDR
This paper shows that certificate pinning can (and often does) hide the lack of proper hostname verification, enabling MITM attacks, and presents Spinner, a new tool for black-box testing for this vulnerability at scale that does not require purchasing any certificates.
Security Analysis of Unified Payments Interface and Payment Apps in India
TLDR
A principled methodology is used to do a detailed security analysis of the UPI protocol by reverse-engineering the design of this protocol through seven popular UPI apps, discovering previously-unreported multi-factor authentication design-level flaws that can lead to significant attacks when combined with an installed attacker-controlled application.
An Empirical Assessment of Security Risks of Global Android Banking Apps
TLDR
A three-phase automated security risk assessment system, named Ausera, which leverages static program analysis techniques and sensitive keyword identification and finds that apps owned by subsidiary banks are always less secure than or equivalent to those owned by parent banks.
A Penetration Testing on Malaysia Popular e-Wallets and m-Banking Apps
TLDR
The security aspects of five popular e-wallets in Malaysia were analyzed and the results revealed the secure e-wallet and m-banking apps among the selected apps.
"If HTTPS Were Secure, I Wouldn't Need 2FA" - End User and Administrator Mental Models of HTTPS
TLDR
It is found that end users often confuse encryption with authentication, significantly underestimate the security benefits of HTTPS, and ignore and distrust security indicators while administrators often do not understand the interplay of functional protocol components.
AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps
TLDR
The first automated security risk assessment is undertaken and focuses on global banking apps to examine FinTech, finding that outdated versions of banking apps, pollution from third-party libraries, and weak hash functions are all likely to be exploited by attackers.
Assessing the No-Knowledge Property of SpiderOak ONE
TLDR
An independent security review of SpiderOak ONE, a popular encrypted cloud storage application, presents a number of vulnerabilities that can be exploited by a malicious storage server to break the confidentiality of the users’ password and therefore the users' data.
Uma Análise da Utilização de HTTPS no Brasil
TLDR
An analysis of the use of HTTPS in Brazil shows that the majority of the analyzed sites use or support old versions of TLS/SSL, which contain known vulnerabilities and, thus, can be exploited by malicious agents.
Are Certificate Thumbprints Unique?
TLDR
This paper shows that thumbprints are not unique in two cases, and demonstrates that creating two X.509 certificates with the same thumbprint is possible when the hash function is weak, in particular when chosen-prefix collision attacks are possible.

References

SHOWING 1-10 OF 31 REFERENCES
Why eve and mallory love android: an analysis of android SSL (in)security
TLDR
An analysis of 13,500 popular free apps downloaded from Google's Play Market revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks, and MalloDroid is introduced, a tool to detect potential vulnerability against MITM attacks.
The most dangerous code in the world: validating SSL certificates in non-browser software
TLDR
It is demonstrated that SSL certificate validation is completely broken in many security-critical applications and libraries and badly designed APIs of SSL implementations and data-transport libraries which present developers with a confusing array of settings and options are analyzed.
To Pin or Not to Pin-Helping App Developers Bullet Proof Their TLS Connections
TLDR
An easy-to-use web-application is built that supports developers in the decision process and guides them through the correct deployment of a pinning-protected TLS implementation, and weakens the assumption that pinning is a widely usable strategy for TLS security in non-browser software.
A Tangled Mass: The Android Root Certificate Stores
TLDR
The interplay of certificate sets deployed by the device manufacturers, mobile operators, and the Android OS is reported on, and use of TLS interception via HTTPS proxies employed by a market research company is discovered.
Mo(bile) Money, Mo(bile) Problems
TLDR
Pervasive vulnerabilities spanning botched certification validation, do-it-yourself cryptography, and other forms of information leakage that allow an attacker to impersonate legitimate users, modify transactions, and steal financial records are uncovered.
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
TLDR
This work designs, implements, and applies the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations, and implements and applies "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints.
A Messy State of the Union: Taming the Composite State Machines of TLS
TLDR
This work systematically tests popular open-source TLS implementations for state machine bugs and discovers several critical security vulnerabilities that have lain hidden in these libraries for years, and have now finally been patched due to the disclosures.
You Won't Be Needing These Any More: On Removing Unused Certificates from Trust Stores
TLDR
This paper examines a root problem of the weakest-link property of the CA based system and proposes a simple stop-gap measure which can improve the security of HTTPS immediately and argues that this removal is an important first step to improve HTTPS security.
Protocol State Fuzzing of TLS Implementations
TLDR
This approach can catch an interesting class of implementation flaws that is apparently common in security protocol implementations: in three of the TLS implementations analysed new security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL).
Scrutinizing WPA2 Password Generating Algorithms in Wireless Routers
TLDR
A strategy on how to reverse-engineer embedded routers is composed and a procedure that can instantly gather a complete wireless authentication trace which enables an offline password recovery attack is described.