CyanogenMod allegedly susceptible to Man-in-the-Middle attacks due to negligence

CyanogenMod allegedly susceptible to Man-in-the-Middle attacks due to negligence
Being the most popular 3rd-party ROM for Android, CyanogenMod surely basks in a lot of popularity from those Android users who are into custom firmwares. Unfortunately though, it appears that the ROM might pose a lot of security threats to its users, as it is allegedly susceptible to MitM (Man in the Middle) attacks. Discovered by an anonymous security researcher, the breach has the potential to bring some trouble in paradise for those who make use of CyanogenMod and the numerous other ROMs that derive from it.

The reason for this extremely serious breach is pure negligence. See, the researcher claims the team behind CyanogenMod has just “copy-pasted” an outdated code sample of Oracle's Java 1.5. The code is used so as to parse certificates and take cold of hostnames, but suffers from an old bug and is by no means resistant to MitM attacks.

The anonymous researcher has subsequently tried to reach up to Cyanogen and inform them about the gaping hole in CyanogenMod's security. Hopefully, the team behind the popular ROM has undertaken the necessary actions and will fix the flaw.


Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless