Save $250 on Galaxy Book5 Pro 360
Discussions are now open! Start your own threads and share your thoughts with the community.
Discussions are now open! Start your own threads and share your thoughts with the community.

CyanogenMod allegedly susceptible to Man-in-the-Middle attacks due to negligence

By
11comments
Google News Follow
Follow us on Google News
Android
CyanogenMod allegedly susceptible to Man-in-the-Middle attacks due to negligence
Being the most popular 3rd-party ROM for Android, CyanogenMod surely basks in a lot of popularity from those Android users who are into custom firmwares. Unfortunately though, it appears that the ROM might pose a lot of security threats to its users, as it is allegedly susceptible to MitM (Man in the Middle) attacks. Discovered by an anonymous security researcher, the breach has the potential to bring some trouble in paradise for those who make use of CyanogenMod and the numerous other ROMs that derive from it.

The reason for this extremely serious breach is pure negligence. See, the researcher claims the team behind CyanogenMod has just “copy-pasted” an outdated code sample of Oracle's Java 1.5. The code is used so as to parse certificates and take cold of hostnames, but suffers from an old bug and is by no means resistant to MitM attacks.

"I was looking at HTTP component code and I was thinking I had seen this code before. I checked on GitHub and found out a tonne [sic] of others were using it," the anonymous security insider revealed. "If you go and create a SSL certificate for a domain you own, say evil.com and in an element of the certificate signing request such as the 'organisation name' field you put the 'value,cn=*domain name*, it will be accepted as the valid domain name for the certificate."

The anonymous researcher has subsequently tried to reach up to Cyanogen and inform them about the gaping hole in CyanogenMod's security. Hopefully, the team behind the popular ROM has undertaken the necessary actions and will fix the flaw.

Grab Surfshark VPN now at more than 50% off and with 3 extra months for free!

Secure your connection now at a bargain price!


We may earn a commission if you make a purchase

Check Out The Offer
Did you enjoy this article?
Еxplore more with a FREE members account.
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Manage your newsletter choices
Register For Free
https://m-cdn.phonearena.com/images/users/90-200/Peter-K.webp
Peter Kostadinov Senior Reviews Writer
Peter, an experienced tech enthusiast at PhoneArena, is captivated by all things mobile. His impartial reviews and proficiency in Android systems offer readers valuable insights. Off-duty, he delves into the latest cryptocurrency trends and enjoys sci-fi and video games.
Read the latest from Peter Kostadinov
Loading Comments...

Latest Discussions

Which U.S. carrier do you use, and how does it perform day-to-day?

by Abdullah Asim • 1

Best ways to use AI on your phone?

by Stanislav Serbezov • 4

iPhone 16 Pro Max vs Galaxy S25 Ultra

by Rad Slavov • 2
Start Discussion View All

Recommended Stories

Popular stories

Galaxy Z Fold 7 and Z Flip 7 leaked prices are bad news for Samsung fans
Galaxy Z Fold 7 and Z Flip 7 leaked prices are bad news for Samsung fans
Verizon reps allegedly reaching out to customers in a personal capacity
Verizon reps allegedly reaching out to customers in a personal capacity
It's like Verizon disappeared the second things got inconvenient
It's like Verizon disappeared the second things got inconvenient
Samsung Galaxy Z Fold 7 makes the Fold 6 look ancient
Samsung Galaxy Z Fold 7 makes the Fold 6 look ancient
T-Mobile Tuesdays-style gifts arriving for Verizon customers as part of Project 624
T-Mobile Tuesdays-style gifts arriving for Verizon customers as part of Project 624
Take a look at what the redesigned Google Phone app will look like
Take a look at what the redesigned Google Phone app will look like

Latest News

iOS 26 quietly adds a feature you'll thank Apple for when things go wrong
iOS 26 quietly adds a feature you'll thank Apple for when things go wrong
Pixel 10 Pro Fold could be first foldable with this feature topping the Galaxy Z Fold 7 and Flip 7
Pixel 10 Pro Fold could be first foldable with this feature topping the Galaxy Z Fold 7 and Flip 7
Congress just banned a major app over data fears — and it’s not the one you’d expect
Congress just banned a major app over data fears — and it’s not the one you’d expect
Apple releases iOS 26 Developer Beta 2 with new features and a clue about the iPhone 17 Air
Apple releases iOS 26 Developer Beta 2 with new features and a clue about the iPhone 17 Air
T-Mobile is handing out a major freebie, and it could save you hundreds a year
T-Mobile is handing out a major freebie, and it could save you hundreds a year
T-Mobile makes huge Starlink announcement as it celebrates another 5G win over AT&T and Verizon
T-Mobile makes huge Starlink announcement as it celebrates another 5G win over AT&T and Verizon
FCC OKs Cingular\'s purchase of AT&T Wireless