Our travels through the OSI seven layers of networking have shown that each layer has specific weaknesses and angles of attack. In turn, each has its best defenses. Now, we’ve come to the OSI presentation layer. Here translation, encryption and compression all happen.

What Is the Presentation Layer?

The simplest way to describe the OSI presentation layer is as follows: it is where machine-readable code gets processed into something the end user can use later in the application layer. This layer is where formatting, conversion and encryption happen. Without it, unless you’re a developer, you likely won’t know what you’re looking at.

Attacks and Threats

If you are using an HTTPS website, encryption would happen at the presentation layer. That means getting your encryption right matters here. Therefore threat actors look for exploits in encryption flaws within the OSI presentation layer. One of the most common tactics is SSL hijacking or sniffing.

Like we said in previous entries, man-in-the-middle (MitM) attacks are one of the go-to moves for threat actors. In conjunction with malware, SSL hijacking can be damaging at the OSI presentation layer. If an attacker has already installed malware on a machine, the MitM would use a proxy to serve as an untrusted certificate authority. If this is the case, the browser will trust the wrong certificate authority and now the attacker will be able to read all messages. For this reason, it is important that your antivirus is up to date and you are doing what you can to stop malware from entering your devices.

As mentioned in the previous piece on the session layer, attackers will take advantage of bad coding practices. That’s true at this layer as well. Keep this in mind when you choose and add software into your enterprise.

The Journey Through the OSI Seven-Layer Model

We’re almost done with the journey through the OSI seven-layer model. After the OSI presentation layer, we’ll look at the application layer. By far, this is where the widest range of attacks and breaches can occur. Therefore, it’s very important to understand.

More from Mobile Security

Juice jacking: Is it a real issue or media hype?

4 min read - You get off a flight and realize your phone is almost out of battery, which will make getting an Uber at your destination a bit challenging. Then you see it — a public charging station at the next gate like a pot of gold at the end of the rainbow. As you run rom-com style to the USB port, you may briefly wonder if it’s actually safe from a cybersecurity perspective to plug in your phone. The answer is technically…

Third-party app stores could be a red flag for iOS security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

A view into Web(View) attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today