SSL Stripping recognized?

Hello there,

We are using different and totally separate Wi-Fi connections in our business unit (also from different providers). Since today we get a notification from Sophos Mobile Security for every one of these Wi-Fi networks that SSL stripping is recognized. This is even the case when no browser is used on the smartphone. Can this be an issue with today's software definitions? Of course we had already scanned the smartphone with Sophos Mobile Security, but no problem was found.

Kind regards - Hannes

  • In reply to Dan Mosier:

    This has turned into a common issue across many devices today so it is a legitimate concern. Hope to have an answer and solution soon or I will need to remove the app.

  • In reply to TLI:

    Hi, this is Thomas from the Mobile Product Management team.

    A quick update on this issue. We have identified the root cause of the issue, and an update of our test data is currently being processed to be distributed via Sophos cloud-based services.

    Please stay patient for some more time till this is processed. The app will update its data automatically and this issue will disappear.

    I will send another update once the update has happened and Sophos Mobile Security will again work as expected.

    Thomas 

  • In reply to TLI:

    Hi Thomas / TLI,

    Many thanks for the status update.

    I am also seeing this on my home network. I was becoming concerned since the router's settings were all correct and the DNS server IPs were not tampered with. I also rebooted and turned off the router to no effect.

    Having only my Android phone (Samsung Galaxy S9 Plus, Android 8.0 with November 1st patch level), my smart TV and my IP camera active on the local network still showed SSL stripping occurring. I had then considered the possibility of a false positive, but it’s good to know that this is the case.

    My next step was going to be factory resetting the router. Its firmware is up to date (although the router, Asus DSL-N55U (Annex-A), has not received a vendor update since January 2015). It has a very strong WPA2 key and a strong router admin interface username and password. I will purchase a new router in the next 6 months as WPA3 emerges.

    Thanks for resolving this issue so quickly.

  • In reply to TLI:

    Hi,

    A last and hopefully final message from my side. We have released an update to our data via the Sophos data warehouse. All mobiles receive this update, and it should fix the issue. Your well-known networks should no longer show any warning.

    Normally the update gets applied automatically, but you can manually request the update using this procedure:

    1. Go to Settings
    2. Scroll down till you see “Last update” and click on this. A message “Updating anti-virus data” will be shown.
    3. Wait for some time (depending on network connectivity)
    4. Switch to Wi-Fi Security in the menu and re-scan your current connection
    5. Your network should now no longer be marked as bad

    Please let us know if this procedure does not fix your issue and you continue to see a warning.

    Thank you all for your patience, and I very much apologize if this issue caused any trouble on your side.

    Thomas

  • In reply to C T:

    Hi Everyone,

    A definition update was published resolving this issue. Please refer to the following KBA:

    Sophos Mobile Security for Android - Wi-Fi connection listed as insecure due to detected SSL stripping

  • In reply to Gowtham Mani:

    Hi Gowtham and Thomas,

    Many thanks to you both and your teams for such a speedy resolution and reassuring explanations while the fix was pending.

    I'm really impressed by such service for a free app. This is why I have used Sophos for many years and will continue to do so. I wish you both a great day :)

  • Dear Thomas & Gowtham Mani,

    Also from my side I can report that the newest definition update solved the problem with our networks. There is no longer a warning referring to SSL stripping. Thank you very much for reacting so promptly and helpfully.

    Best regards

    H.Reicher

  • In reply to TLI:

    Thanks Thomas & your team for a speedy resolution.

    Great work guys!

    Cheers,

    Steve

  • In reply to Gowtham Mani:

    Hi Gowtham,

    Thanks for the link to the KBA and the speedy turnaround by all at Sophos!

    Cheers,

    Steve

  • In reply to Gowtham Mani:

    Had the same issue, new to forum, thanks for sorting it out.

  • In reply to TLI:

    Hello Thomas,

    Attached I send you two screenshots.

    The problem is not completely solved IMHO.

    What is irritating and puzzling for me:

    The fact that my regular connection is still described as <unknown ssid> although I've several times deleted the connection and scanned the QR code on the original card of my Fritz!Box with Sophos and then re-scanned my current connection. The result is still <unknown ssid>!

    Thank you for further help.

    Hans