PhoneGap security weakness you need to fix yourself for MITM

For those making a PhoneGap application, this may be an interesting article: http://www.neglectedpotential.com/2013/01/sslol/ Short summary is that by default your Mendix app trusts all certificates on your phone. This means that if someone installs their own certificate as trusted, he will be able to start his man-in-the-middle attack. To fix this I think it would be good if Mendix apps come by default with the PhoneGap certificate checking mechanism such as this one and check the default fingerprint. Even though this does give problems with expiration of certificates of apps, which will force your users to download a new version.
asked
1 answer

I admit I only skimmed the actual article. But just by reading your post you're just telling us that when the client's security is compromised, the client's security is compromised. And you should never trust a client. All this can't be news.

What does an actual exploit look like?

answered