We caught a banking app using a weak cipher suite. Here’s how.

During a partner proof-of-concept, Corrata’s on-device deep packet inspection flagged a live banking app transmitting data over a cryptographically weak TLS configuration — something no perimeter tool would ever see.
During a recent partner evaluation, Corrata flagged a connection to a major banking app. At first glance it looked like a false positive. It wasn’t.
The app was negotiating TLS_RSA_WITH_AES_128_CBC_SHA — a cipher suite considered weak by modern standards. Our on-device DPI engine inspected the full TLS handshake in real-time. Based on that assessment and per the deployment’s configuration, it first reported the weak cipher and then blocked the connection. This is exactly the kind of risk that conventional security tools miss entirely.
Why this weak cipher suite is a problem
RSA key exchange provides no perfect forward secrecy — if the server’s private key is ever compromised, all past sessions can be decrypted. CBC mode has been superseded by GCM and is vulnerable to padding oracle attacks. SHA-1 is cryptoglooraphically broken.
What made this particularly interesting: when we ran the server through SSLLabs, the stronger TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 was available — it just wasn’t being prioritised. This is a configuration error, not a fundamental flaw in the bank’s infrastructure. But from a mobile device’s perspective, the outcome is the same.
Cipher suite comparison
✕ What was used
TLS_RSA_WITH_AES_128_CBC_SHA
- RSA key exchange — no perfect forward secrecy
- CBC mode — vulnerable to padding oracle attacks
- SHA-1 — cryptographically broken
✓ What should be used
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- ECDHE — perfect forward secrecy by default
- GCM mode — authenticated encryption, no padding issues
- SHA-384 — modern and cryptographically sound
Why only on-device DPI catches this
This only became visible because of Corrata’s on-device DPI. We inspect below the IP layer — no VPN tunnel, no proxy, no agent relaying traffic to the cloud. The inspection happens directly on the device, which means we see the actual cipher negotiated between the app and the server, not just metadata about the connection.
Traditional MTD and MDM tools don’t go this deep. They might flag a known malicious domain or detect a rogue Wi-Fi network, but they won’t catch a banking app quietly negotiating a cipher suite that would make any security engineer wince.
In line with our responsible disclosure policy, we contact the affected organisation directly — sharing our findings, the SSLLabs report, and a clear path to remediation. In every case we’ve done this, the fix has been fast.
Mobile endpoints connect to a lot of servers. Not all of them are configured correctly — including ones you’d expect to be locked down. If you can’t inspect what’s being negotiated at the TLS layer, you’re flying blind.
See Corrata’s DPI in action
Run a proof-of-concept on your own device fleet — deployed in 24 hours. Contact us to book a demo.