Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Selected Works

Clinton Carpene

Articles 1 - 1 of 1

Full-Text Articles in Information Security

Exchanging Demands: Weaknesses In SSL Implementations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone, Jan 2015

Clinton Carpene

The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory …