from Hacker News

Ask HN: How common or plausible are TLS MITM attacks?

by aphextron on 5/31/21, 2:18 AM with 5 comments

In building a financial app, I've been thinking constantly about security. Ultimately everything comes back to TLS. If that's able to be compromised, there's almost no way I can think of to stay secure. How common or realistic is it to assume this could ever happen to my application?

  • by xyzzy123 on 5/31/21, 3:15 AM

    Assuming that TLS will not be broken in transit is a common and reasonable assumption. The easiest way to break TLS is at the endpoints.

    Implementation errors in your code, cert mis-issuance, errors in the underlying TLS implementation (certificate parsing and validation errors are quite common) and device compromise are all things to think about.

    It might be useful to think about what is your responsibility versus the device vendor's responsibility versus the user's responsibility.

  • by pitched on 5/31/21, 2:28 AM

    Assuming you aren’t certificate pinning, if someone gets access to the device unlocked for a moment, they can add their own cert to the device trust and you’re dead. This is a big deal if you’re building a kiosk type of thing but not so much if it’s a phone app.

    The better approach is to assume your app will get MITMed and reduce how much damage the attacker can do.

  • by fffkkkhhh on 5/31/21, 9:07 AM

    @aphextron are you aphex from ytmnd?