Another discussion on the security of apps

Modern people have long been out of the smart phone, almost a machine, the common person walking while slippery, really dangerous. We use mobile app shopping, with online silver app pay, with stock app to fry, too convenient so it became commonplace.

Yes, because it is too convenient, so most will only pay attention to good, and few people will pay attention to whether it is safe enough. Of course, the so-called enough security is actually involved in many aspects, including network transmission, encryption algorithm, as well as the back-end server is also a part of the overall security, I also do not intend to do academic research, what information theory, cryptography. Just put it aside and it will be dark if you want to talk about it. Let's actually take a look at the app.

As shown, we can monitor in real time ... Oh, no, let's just say that we can see in real-time how this online banking app is doing. Including the entry of the keystroke, that is, each input character, and background server information, in the left half of the window is "see" the clear.

If you ask me if I have a lack of account, is it possible to hacked into someone's online banking account? There are several scenarios to explore:

1. Man-in-the-middle attack-this is unlikely, you see the major manufacturers are competing to enforce the use of HTTPS, if you want to intercept and crack HTTPS communication content, it is not easy. You think, if so simple, net silver has become a hacker's ATM, and if come true, as long as a media disclosure, those banks do not mix, at this time the bank is also afraid of the fate of the failure, because the customer is not confident full uproar ~
2. Black into the backend server-this trick destroy Huanglong is absolutely reasonable, become not to see if there is a good protection.
3. Black into the phone-this is not bad, but it is not easy, in public places more hopeful, but also have to use the public places provided by the WiFi is relatively good hands. But it also takes time to attack Ah, if the busy long time not to wear, the man is ready to leave what to do? I had to ask for a cup of coffee and let him/her sit for a while.
4. Social engineering-This trick is less trouble, is less need for technical content, but also to do some search work. Love search work done well, coupled with a Qiao mouth talk with each other, cheat the relevant important information, can achieve even better than other methods of effectiveness.
5. "Take" to the other side of the mobile phone-this trick is invincible, if the phone is in the hands of the hero, there are basically a lot of things to do, leave you to play the imaginary space ~

Another discussion on the security of apps