SSL Stripping recognized?

Hello there,

we are using different and totally separated wifi connections in our business unit (also from different providers). Since today we get a nottification from Sophos Mobile Security for every of these WIFI´s that there is SSL Stripping recognized. This is even the case when there is no browser used on this smartphone. Can this be an issue of todays software definitions? Of course we already had scanned the Smartphone with Sophos Mobile Security but there was found no problem.

Kind regards - Hannes

  • My wife is seeing this problem on her Android phone.

  • I am facing the same problem with different Android Devices here in my home network.

    Regards,

    Torsten

  • It is also happening on my Android phone. I first disabled WiFi and then re-enabled it. Sure enough,  I get the message 'Suspicious WiFi connected detected'. It also adds 'SSL stripping detected'. I am using a BT Home Hub 3 router.

  • We are also seeing this on our home network. We have Sophos installed on 3 Android phones. Security scans say no issues found. The SSL Stripping Detected message is new to our devices this morning. I uninstalled Sophos from one phone, installed Avast and ran its wifi security tool which showed no issues, then uninstalled Avast and reinstalled Sophos. The SSL Stripping Detected message continues to show. With others seeing this today I'm wondering if the problem is with a software update to the app versus an actual threat. I don't know if Sophos employees monitor this forum but would appreciate some guidance if so. I use my home network to connect to a work VPN and am concerned with possible vulnerabilities.

  • In reply to Dan Mosier:

    I have almost the exact same issue, started seeing this message today on home network. Two Android phones that have the Sophos client installed started showing this message. In a panic I called my Broadband provider,(Virgin) and asked them to check, they responded with no issues on their end,(i.e. their  HUB). Looking into it more I don't have any warnings on Laptops or Desktops in the house and like you I installed another security tool onto the phone(McAfee) and its WiFi checker gave the all clear. So you could be right, maybe an update to the Sophos client that has done something strange! I'm on VPN for work too so keen to know if this is just a bug.

  • In reply to Kevin Farrington:

    Hi All,

    Apologies for this inconvenience and thank you for reporting this. 

    I will be reaching out to our team and following up with feedback I receive.

    Regards,

  • In reply to FloSupport:

    I've turned off WiFi on my Android phone in the meantime, but am worried about my other devices (Windows 10 laptop, etc.)

    Is this a false positive or will I require a firmware upgrade on my router?

    Thanks.

  • In reply to Steve Dwyer:

    By the way I have a Samsung Galaxy S4 running Android 5.1, so I understand that there's no way to get a security upgrade for this model any longer.

     

    Should I consider flashing Cyanogen mod instead in order to be able to keep my phone up to date with Android security patches?

     

    Cheers.

  • In reply to Steve Dwyer:

    Hi Steve,

    I am currently following up with our team to report this issue, I will update this thread once I receive feedback.

    It seems strange to me that you are all experiencing this issue at the same time, however the last update for our Application occurred on October 31st.

  • Hi, this is Thomas from the Mobile Product Management team.

    I have experienced the same issue with two well known and secure networks. We are not sure, what is triggering this as we have not made any changes recently.

    For the moment please regard this as false positive. We will investigate with all hands on deck tomorrow morning (Central European Timezone) and provide an update afterwards.

    Sorry for any inconvenience.

    Thomas

  • In reply to TLI:

    Thanks Thomas.

  • In reply to FloSupport:

    Thank you, we'll await your response. :-)

  • In reply to TLI:

    Than you. :-)

  • In reply to TLI:

    Hi! I'm in Monterrey Mexico, I started getting this messages in two SSID's from the same vendor, (Axtel) but not from others.

    This in three company phones so far now.

    I'll keep an eye on this issue as it evolves.

    Cheers!

    Carlo.

  • I am having the same issue with an SSL Stripping warning having suddenly appeared on an Android mobile connected via wi-fi to a BT Home Hub 5 in the UK. I noticed it at about 10pm GMT on 3rd December. I hope this IS a false positive that gets sorted out as soon as possible, as it is of course very concerning to have the prominent warning from Sophos on display.