How to Prevent Mobile Man-in-the-Middle (MitM) Attacks

The communication channel between apps and APIs presents a rich target for hackers via Man-in-the-Middle (MitM) attacks. Transport Level Security (TLS) alone is not sufficient to stop them since tools installed in the device can easily intercept encrypted communications.

This free whitepaper provides an in-depth analysis of the techniques used by hackers and explains how certificate pinning can help thwart mobile MitM attacks. It also introduces methods to prevent hackers tampering with device environments.

In addition, it shows how over-the-air updates can be employed to reduce the chance of customer service being interrupted. Certificate rotations can be handled instantly and cleanly, eliminating any need to update apps.

Request Your Copy Now

CriticalBlue (developer of Approov) will use the personal information you provide to send you the content requested and information about our services. You may unsubscribe from these communications at any time by clicking the link at the bottom of our emails. For information on our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.

MitM Attack

Whitepaper Contents

  • Introduction
  • Man in the Middle Attacks
  • TLS and Encrypted Traffic
  • The Chain of Trust
  • Breaking Trust - Trust Store Poisoning
  • Breaking Trust - CA Breach
  • The Benefits of Pinning
  • Public Key Pinning versus Certificate Pinning
  • Implementing Pinning
  • The Static Pinning Configurator
  • The Operational Risks of Pinning
  • The Bad News - Pinning Can Be Bypassed in the Client
  • Pinning Bypass by App Repackaging
  • Pinning Bypass Using a Hooking Framework
  • Certificate Transparency
  • Dynamic Pinning Provides Easy Administration and Elimination of Operational Risks
  • The Final Piece in the Puzzle - How to Block Client-Side MitM Attacks
  • Approov: Complete MitM Protection with Assured Service Continuity
  • Conclusion