Hacker News new | past | comments | ask | show | jobs | submit login

Possibly. When I originally looked at Kik Messenger back in November 2010, it wasn't using SSL for anything. Even passwords were going over the wire in the clear. In March 2011 they added SSL functionality, but it didn't do any certificate verification. A few months later in June they added appropriate certificate verification. I wrote a small Perl script at the time as a POC which would automatically add signatures to peoples outgoing Kik messages if they were using your network. It even worked with the SSL version of Kik before they added cert verification - https://grepular.com/Advertise_Your_Wifi_in_Your_Customers_K...



I'm sure quite a few apps do it, I know WhatsApp does it for certain.

MITM your phone and watch the traffic, your entire contact list gets sent through every time you open the application.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: