November 16th, 2018
The most popular Android custom ROM Cyanogenmod is vulnerable to what is known as Man in the Middle attacks due to the reuse of Java code that contains this very same vulnerability. A Security researcher which goes by the name of Vulture South (to hide its true identity) says that CM developers have used old Java 1.5 code and “They just copy-pasted the sample code and that’s what was vulnerable” causing the popular ROM to be exposed to this vulnerability.
The vulnerability was demonstrated at the Ruxcon computer security conference currently taking place in Melbourne and allows hackers to use any hostname they wished on SSL certificates and have it accepted by big certificate, allowing Ma in the Middle attacks.
According to Vulture south the fix is fairly simple and the Cyanogenmod team has been informed about this security flaw, we could see it being fixed in future CM version