This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Stripping recognized?

Hello there,

we are using different and totally separated wifi connections in our business unit (also from different providers). Since today we get a nottification from Sophos Mobile Security for every of these WIFI´s that there is SSL Stripping recognized. This is even the case when there is no browser used on this smartphone. Can this be an issue of todays software definitions? Of course we already had scanned the Smartphone with Sophos Mobile Security but there was found no problem.

Kind regards - Hannes



This thread was automatically locked due to age.
Parents
  • Hi, this is Thomas from the Mobile Product Management team.

    I have experienced the same issue with two well known and secure networks. We are not sure, what is triggering this as we have not made any changes recently.

    For the moment please regard this as false positive. We will investigate with all hands on deck tomorrow morning (Central European Timezone) and provide an update afterwards.

    Sorry for any inconvenience.

    Thomas

  • Hi, this is Thomas from the Mobile Product Management team.

    A quick update on this issue. We have identified the root cause of the issue and an update of our test data is currently processed to be distributed via Sophos cloud-based services.

    Please stay patient for some more time till this is processed. The app will update its data automatically and this issue will disappear.

    I will send another update, once we update has happened and Sophos Mobile Security will again work as expected

     

    Thomas 

  • Hi Thomas / TLI,

    Many thanks for the status update.

    I am also seeing this on my home network. I was becoming concerned since the routers settings were all correct and DNS servers IPs were not tampered with. I also rebooted and turned off the router to no effect.

    Having only my Android phone (Samsung Galaxy S9 Plus, Android 8.0 with November 1st patch level), my smart TV and my IP camera active on the local network still showed SSL Striping occurring. I had then considered the possibility of a false positive but it’s good to know that this is the case.

    My next step was going to be factory resetting the router. It’s firmware is up to date (although the router, Asus DSL-N55U (Annex-A) has not received a vendor update since January 2015). It has a very strong WPA2 key and strong router admin interface username and password. I will purchase a new router in the next 6 months as WPA3 emerges.

    Thanks for resolving this issue so quickly.

  • Hi,

    A last and hopefully final message from my side. We have released an update to our data via the Sophos data warehouse. All mobiles receive this update, and it should fix the issue. Your well-known networks should no longer show any warning.

    Normally the update gets applied automatically, but you can manually request the update using this procedure:

    1. Go to Settings
    2. Scroll down till you see “Last update” and click on this. A message “Updating anti-virus data” will be shown.
    3. Wait for some time (depending on network connectivity)
    4. Switch to Wi-Fi Security in the menu and re-scan your current connection
    5. Your network should now no longer be marked as bad

    Please let us know, if this procedure does not fix your issue and you continue to see a warning.

    Thank you all for your patience and I very much apologize if this issue caused any troubles on your side

    Thomas

  • Hi Everyone,

    A definition update was published resolving this issue. Please refer the following KBA .

    Sophos Mobile Security for Android - Wi-Fi connection listed as insecure due to detected SSL stripping

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • Hi Gowtham and Thomas,

     

    Many thanks to you both and your teams for such a speedy resolution and reassuring explanations while the fix was pending.

    I'm really impressed by such service for a free app. This is why I have used Sophos for many years and will continue to do so. I wish you both a great day :)

Reply
  • Hi Gowtham and Thomas,

     

    Many thanks to you both and your teams for such a speedy resolution and reassuring explanations while the fix was pending.

    I'm really impressed by such service for a free app. This is why I have used Sophos for many years and will continue to do so. I wish you both a great day :)

Children
No Data