Rishabh Dudheria

Work place: Department of Electrical and Computer Engineering, New York Institute of Technology

E-mail: rdudheria@nyit.edu

Research Interests: Computational Science and Engineering, Computational Engineering, Computer systems and computational processes, Computer Architecture and Organization

Biography

Rishabh Dudheria is an Assistant Professor in the Department of Electrical and Computer Engineering at New York Institute of Technology. He completed his PhD and MS in Electrical and Computer Engineering at Rutgers, The State University of New Jersey, in 2013 and 2008, respectively. His research is broadly focused on the field of security.

Author Articles
Assessing Vulnerability of Mobile Messaging Apps to Man-in-the-Middle (MitM) Attack

By Rishabh Dudheria

DOI: https://doi.org/10.5815/ijcnis.2018.07.03, Pub. Date: 8 Jul. 2018

Mobile apps are gaining in popularity and are becoming an indispensable part of our digital lives. Several mobile apps (such as messaging apps) contain personal/private information of the users. Inevitably, the compromise of accounts associated with such sensitive apps can result in disastrous consequences for the end user. Recently, the Password Reset Man-in-the-Middle (PRMitM) attack was proposed at the application level, in which an attacker can take over a user’s web account while the user is trying to access/download resources from the attacker’s website. In this work, we adapt this attack so that it can be applied in the context of mobile messaging apps. Specifically, we analyze 20 popular mobile messaging apps for vulnerability to MitM attack, 10 of which support secure communication through end-to-end encryption. Based on our holistic analysis, we have identified 10 of the tested apps as being vulnerable to MitM attack and elaborated on the corresponding attack scenarios. On comparing the secure messaging apps to non-secure messaging apps for vulnerability to MitM attack, we found that an app’s features and design choices decide whether it is susceptible to MitM attack, irrespective of whether it provides end-to-end encryption or not. Further, we have proposed design improvements to increase the overall security of all mobile messaging apps against MitM attack.
