How to Prevent MitM Attacks Between Mobile Apps and APIs
An Approov Whitepaper

The massive deployment of mobile apps is presenting new attack surfaces to bad actors. The channel between apps and APIs presents a rich target for hackers via Man-in-the-Middle (MitM) attacks. Transport Layer Security (TLS) alone is not sufficient to stop them, since tools installed on the device can easily hack into encrypted communications.
This free white paper explains why MitM attacks are a particular issue for mobile apps, providing an in-depth analysis of the problem and the techniques used by hackers. It discusses how certificate pinning can help thwart mobile MitM attacks and outlines the operational advantages of being able to set the pins dynamically. Download the white paper today to understand the steps you should take to enhance your security and protect your organization's data and revenue from these types of exploits.

Whitepaper Contents
- Introduction
- Man in the Middle Attacks
- TLS and Encrypted Traffic
- The Chain of Trust
- Breaking Trust - Trust Store Poisoning
- Breaking Trust - CA Breach
- The Benefits of Pinning
- Public Key Pinning versus Certificate Pinning
- Implementing Pinning
- The Static Pinning Configurator
- The Operational Risks of Pinning
- The Bad News - Pinning Can Be Bypassed in the Client
- Pinning Bypass by App Repackaging
- Pinning Bypass Using a Hooking Framework
- Certificate Transparency
- Dynamic Pinning Provides Easy Administration and Elimination of Operational Risks
- The Final Piece in the Puzzle - How to Block Client-Side MitM Attacks
- Approov: Complete MitM Protection with Assured Service Continuity
- Conclusion