DUBLIN, May 17, 2022 /PRNewswire/ — Mobile threat defense solutions provider Corrata today announced the discovery of poor encryption practices on a number of major websites, including Irish telecommunications company Eir and German newspaper Picture. In accordance with its responsible disclosure practice, Corrata has contacted the owners of the affected websites and the weaknesses have now been corrected. However, other websites are likely to contain similar vulnerabilities and Corrata urges website owners to ensure their encryption meets industry best practices.
Today, the vast majority of websites use encryption to protect the privacy of sensitive data exchanged between users and the website. This confidentiality is based on the use of an Internet protocol called Transport Layer Security (TLS). HTTPS is the implementation of TLS used when browsing websites. Its use is generally indicated by the appearance of the padlock symbol in the upper left corner of the browser's address bar.
However, not all website implementations of HTTPS are equally secure. Some websites use outdated versions of the protocol that are known to be vulnerable to attack. This is particularly risky on WiFi networks, because traffic passing between a mobile phone and a WiFi access point can easily be intercepted. Internet users rely on sensitive data being transmitted in encrypted form to defeat this eavesdropping. However, when weak encryption is used, it fails to protect sensitive data such as passwords, financial information, and other confidential data.
The specific weakness discovered by Corrata was that the sites’ web servers were misconfigured to favor an old, insecure cipher called RC4 when accessed from iOS devices (iPhone and iPad). Weaknesses in this cipher leave it open to attack, and website owners have been strongly advised against using it for at least ten years. Devices equipped with Corrata’s Mobile Threat Defense solution automatically detect these vulnerabilities and prevent the theft of user data. It was these routine checks that brought the vulnerability to light.
Corrata is the global leader in mobile security for organizations of all sizes. Based in Dublin, Ireland, they are currently working with leading companies across Europe and North America to provide comprehensive protection against phishing, malware, man-in-the-middle attacks and data loss on smartphones and tablets without the complexity of competing solutions. Corrata’s mobile endpoint security solution operates discreetly and locally on a user’s mobile phone or tablet, without disrupting device performance and without compromising employee privacy or the user experience.