Chances are, you’ve either heard of or used the catch phrase ‘there’s an app for that’ at least once before. So, when asked the question, ‘Do you want to steal a mobile app’s secrets?’ it may come as no surprise that there is, in fact, an app for that.
SSL Packet Capture is the name of the mobile app in question, and is currently available for free on the Google Play Store. Yes, you read that right. A mobile app exists, free of charge, which allows anyone with a basic understanding of technology to intercept and decode supposedly secure communications.
The mobile app utilizes reverse engineering, a concept that works by analyzing the original code and then identifying and exploiting any discovered security weaknesses or holes. Through reverse engineering, SSL Packet Capture is able to intercept and decrypt transmissions made between the mobile app and its back-end services.
Security researchers from the ProgrammableWeb tested out SSL Packet Capture on a variety of popular mobile messaging apps and found that despite the use of HTTPS, they were still able to spy on the apps’ communications.
This is especially troubling as HTTPS is intended to securely encrypt all transmissions, and prevent reverse engineering from occurring.
The researchers discovered that when SSL Packet Capture had been installed on a mobile device, the app would monitor, and decrypt nearly all traffic running between the mobile device and the Internet.
SSL Packet Capture is just the latest in a series of hacks and attacks reminding users that the Internet is not as safe and reliable for transmitting information as was once assumed.
With tools like SSL Packet Capture out there, ready for anyone to use regardless of hacking expertise, how can we keep our mobile devices secure? By following a few quick tips, you’ll be on your way to tighter security and a more protected mobile device:
- Monitor the information you choose to send through your mobile device and the mobile apps you are trusting to deliver it. Banking details and social security numbers, for example, should always be communicated offline and in the most secure manner possible.
- Equip your mobile device with comprehensive security software. McAfee® Mobile Security is free for both Android and iOS, and offers a variety of protections to keep unwanted eyes, and apps, out of your device and off of your personal information.
- Change your passwords frequently and always make them complex. Sometimes, your passwords will inevitably fall into the wrong hands – but changing them regularly will lessen your chances of this happening and keeping them complex will make them harder to guess.