This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Stripping recognized?

Hello there,

we are using different and totally separated wifi connections in our business unit (also from different providers). Since today we get a nottification from Sophos Mobile Security for every of these WIFI´s that there is SSL Stripping recognized. This is even the case when there is no browser used on this smartphone. Can this be an issue of todays software definitions? Of course we already had scanned the Smartphone with Sophos Mobile Security but there was found no problem.

Kind regards - Hannes



This thread was automatically locked due to age.
  • Thank you, we'll await your response. :-)

  • Hi! I'm in Monterrey Mexico, I started getting this messages in two SSID's from the same vendor, (Axtel) but not from others.

    This in three company phones so far now.

    I'll keep an eye on this issue as it evolves.

    Cheers!

    Carlo.

  • I am having the same issue with an SSL Stripping warning having suddenly appeared on an Android mobile connected via wi-fi to a BT Home Hub 5 in the UK. I noticed it at about 10pm GMT on 3rd December. I hope this IS a false positive that gets sorted out as soon as possible, as it is of course very concerning to have the prominent warning from Sophos on display.

  • This has turned into a common issue across many devices today so it is a legitimate concern. Hope to have an answer and solution soon or I will need to remove the app.

  • Hi, this is Thomas from the Mobile Product Management team.

    A quick update on this issue. We have identified the root cause of the issue and an update of our test data is currently processed to be distributed via Sophos cloud-based services.

    Please stay patient for some more time till this is processed. The app will update its data automatically and this issue will disappear.

    I will send another update, once we update has happened and Sophos Mobile Security will again work as expected

     

    Thomas 

  • Hi Thomas / TLI,

    Many thanks for the status update.

    I am also seeing this on my home network. I was becoming concerned since the routers settings were all correct and DNS servers IPs were not tampered with. I also rebooted and turned off the router to no effect.

    Having only my Android phone (Samsung Galaxy S9 Plus, Android 8.0 with November 1st patch level), my smart TV and my IP camera active on the local network still showed SSL Striping occurring. I had then considered the possibility of a false positive but it’s good to know that this is the case.

    My next step was going to be factory resetting the router. It’s firmware is up to date (although the router, Asus DSL-N55U (Annex-A) has not received a vendor update since January 2015). It has a very strong WPA2 key and strong router admin interface username and password. I will purchase a new router in the next 6 months as WPA3 emerges.

    Thanks for resolving this issue so quickly.

  • Hi,

    A last and hopefully final message from my side. We have released an update to our data via the Sophos data warehouse. All mobiles receive this update, and it should fix the issue. Your well-known networks should no longer show any warning.

    Normally the update gets applied automatically, but you can manually request the update using this procedure:

    1. Go to Settings
    2. Scroll down till you see “Last update” and click on this. A message “Updating anti-virus data” will be shown.
    3. Wait for some time (depending on network connectivity)
    4. Switch to Wi-Fi Security in the menu and re-scan your current connection
    5. Your network should now no longer be marked as bad

    Please let us know, if this procedure does not fix your issue and you continue to see a warning.

    Thank you all for your patience and I very much apologize if this issue caused any troubles on your side

    Thomas

  • Hi Everyone,

    A definition update was published resolving this issue. Please refer the following KBA .

    Sophos Mobile Security for Android - Wi-Fi connection listed as insecure due to detected SSL stripping

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.