Detection of Superfish and other Komodia based certs

[yzn...@gmail.com]

Hi - This is a question rather than an issue ...

I saw ngtf flagged one of my apps as allowing the Superfish cert to be used as a MITM attack. I checked the Android certificate store and couldn't see "Superfish" in the Issued To/By fields for trusted CAs (as suggested by Filippo https://filippo.io/Badfish/removing.html).

I'm curious - do you think this suggest the Superfish CA trust is handled in the app code itself, or do you think it's detecting another cert generated using the Komodia SDK?

Thanks in advance.

[Chad Brubaker]

Most likely your app isn't doing any chain of trust verification at all (ie: it would be vulnerable to a self-signed cert as well).

--
You received this message because you are subscribed to the Google Groups "nogotofail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nogotofail+...@googlegroups.com.
To post to this group, send email to nogot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nogotofail/79d40c52-3852-4932-b41a-4633e0e111c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[yzn...@gmail.com]

Thanks Chad - your suggestion was right. I retested and the app is vulnerable to the self-signed certificate attack.