{
	"id": "0e2ac83e-f09f-4fac-afa1-9cd4c2934c13",
	"created_at": "2026-04-06T01:28:59.845656Z",
	"updated_at": "2026-04-10T13:12:18.955056Z",
	"deleted_at": null,
	"sha1_hash": "571b09c9ba9ae5ce053eaa6ffbe1a40fca88de34",
	"title": "APP-1 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42814,
	"plain_text": "APP-1 · Mobile Threat Catalogue\r\nArchived: 2026-04-06 00:42:53 UTC\r\nMobile Threat Catalogue\r\nMan-in-the-middle Attack on Server Authentication\r\nThreat Category: Vulnerable Applications\r\nID: APP-1\r\nThreat Description: Apps that exchange information with a back-end server should strongly authenticate the\r\nserver before attempting to establish a secure connection. If the authentication mechanism used by the app is\r\nweak, such as not validating a server certificate, an attacker can readily impersonate the back-end server to the app\r\nand achieve a man-in-the-middle (MITM) attack. This would provide an attacker with unauthorized access to all\r\nunencrypted transmitted data, including modification of data-in-transit. A successful MITM greatly facilitates\r\nfurther attacks against the client app, the back-end server, and all parties of a compromised session.\r\nThreat Origin\r\nMobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices 1\r\nExploit Examples\r\nWhy Eve and Mallory Love Android: An Analysis of Android SSL (In)Security 2\r\nSMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android\r\nApps 3\r\nHow We Discovered Thousands of Vulnerable Android Apps in One Day 4\r\nCVE Examples\r\nCVE-2016-3664\r\nCVE-2014-5618\r\nPossible Countermeasures\r\nMobile App Developer\r\nUse fail-safe logic when establishing a connection to the back-end server; if server certificate validation fails, do\r\nnot continue to negotiate a secure session or fall back to an unencrypted communication protocol, and warn the\r\napp user.\r\nOn Android devices, use the Android Network Security Policy feature, Certificate Pinning.\r\nTo reduce the impact of a successful MiTM attack on your application, consider the use of public key\r\ncryptography to protect sensitive data destined for back-end servers prior to transmission off the device.\r\nEnterprise\r\nApp vetting tools/services or pen testing to detect MiTM vulnerabilities in mobile apps.\r\nReferences\r\n1. L. Neely, Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices, SANS\r\nInstitute, 2016; www.sans.org/reading-room/whitepapers/analyst/mobile-threat-protection-holistic-approach-securing-mobile-data-devices-36715 [accessed 8/25/2016]\r\n2. S. Fahl et al., “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security”, in\r\nProceedings of the 2012 ACM conference on Computer and Communications Security, 2012, pp. 50-61;\r\nhttp://dl.acm.org/citation.cfm?id=2382205 [accessed 8/25/2016]\r\n3. D. Sounthiraraj et al., “SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps”, in Proceedings of the 2014 Network and Distributed System\r\nSecurity Symposium, 2014; www.internetsociety.org/sites/default/files/10_3_1.pdf [accessed 8/25/2016]\r\n4. J. Montelibano and W. Dormann, How We Discovered Thousands of Vulnerable Android Apps in 1 Day,\r\npresented at RSA Conference USA 2015, 19 Apr. 2015;\r\nwww.rsaconference.com/writable/presentations/file_upload/hta-t08-how-we-discovered-thousands-of-vulnerable-android-apps-in-1-day_final.pdf [accessed 8/25/2016]\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-1.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-1.html"
	],
	"report_names": [
		"APP-1.html"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775438939,
	"ts_updated_at": 1775826738,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/571b09c9ba9ae5ce053eaa6ffbe1a40fca88de34.pdf",
		"text": "https://archive.orkl.eu/571b09c9ba9ae5ce053eaa6ffbe1a40fca88de34.txt",
		"img": "https://archive.orkl.eu/571b09c9ba9ae5ce053eaa6ffbe1a40fca88de34.jpg"
	}
}