The Savage Curtain: Mobile SSL Failures

Transcription

1 The Savage Curtain: Mobile SSL Failures

2 Who are these guys? Tony Trummer - Staff Security Engineer aka SecBro Tushar Dalvi - Sr. Security Engineer & Pool Hustler

3 A Private Little War Our Click to edit Master textdoes styles employer generally not have prior knowledge of, condone, support or otherwise endorse our research

4 The Menagerie { Apps Click are to edit Masteroftext styles mash-ups native and web code { Java, Objective C, Swift, etc. { Developers control SSL/TLS security settings

5 Basics Fourthseveral level TLS provides security features { Encryption { Authenticity { Integrity In apps, unlike browsers, whether you see a certificate warning is up to the app developer.

6 Wolf in the Fold { the ONLY against TLS Clickistoreally edit Master textprotection styles Man-in-the (MitM) attacks Second middle level Third level { MitM is significantly easier to perform against mobile devices

7 Tomorrow Is Yesterday Before dismissing the idea of large Second level attacks... scale or supply-chain { Recent reports of pre-installed trojans Fourth level on low-end» Android Fifth leveldevices { In 2013, Nokia was found to be performing MitM on customer traffic, reportedly for performance reasons { In 2013, reports surfaced claiming that the NSA and GCHQ ( Flying Pig ) were actually performing real-world MitM attacks

8 The Immunity Syndrome Infosec folks often roll their eyes when they Second level read statements on sites or in apps that tout Third level Fourth TLS uselevel and how big their keys are

9 Journey to Babel One Click to edit Master styles night, after a fewtext drinks, we decided to Second level starting with proxying their test some apps, web requests

10 Into Darkness

11 First aspect of certificate validation The app or level OS must verify the certificate is Second cryptographically signed by the private key of a» trusted Certificate Authority Fifth level

12 Proper certificate validation Certificatelevel is signed by the private key of a trusted CA? Second Is this an intermediate certificate? Trusted Root CA

13 Forget Something? Tony Tushar

14 A Piece of the Action

15 A Taste of Armageddon

16 The Trouble with Tribbles

17 The Trouble with Tribbles

18 Testing for CA validation use proxy { Configure Click todevice edit to Master text styles { Configure Second BurpSuite's level proxy listener to Generate a level CA-signed per-host Third certificate» Fifththe level { DO NOT install proxy's CA certificate on the test device { Verify you see a certificate warning in the native mobile browser { Step through each section of the app { If you see HTTPS traffic, in Burpsuite, the app failed

19 Second aspect of validation Click to edit Master text styles Does the Subject Common or Alternative name match the hostname of Fourth thelevel site you're visiting?

20 Proper certificate validation Does the Common or Subject Alternative Name Match the hostname? Traces back to Trusted Root CA

21 By any other name

22 By any other name

23

24 The Apple

25 And the Children Shall Lead

26 Amok Time

27 By any other name

28 By any other name

29 Testing for proper hostname validation { Install Portswigger CA cert on device { Configure your device to use a proxy { Configure proxy listener Fourth level to Generate a CAsigned certificate with a specific hostname» Fifth level { Set the hostname to foobar.com { Verify you see a certificate warning in the native mobile browser { Step through each section of the mobile app { If you see HTTPS traffic, the app failed

30 Proper certificate validation Does the Common or Subject Alternative Name Match the DNS hostname? Second level Not expired? Not revoked? Traces back to Trusted Root CA

31 Damn it, Jim!

32 The Naked Time { Credit card Click to numbers, edit Master text styles passwords, Secondand/or level session cookies

33 Dagger of the mind { Unencrypted credit text styles Click to edit Master card information Second level { Tier 1Third PCIlevel merchant { 10 million+ installations

34 Court Martial FTC Clickvs. to edit Master text styles Fandango & Credit Karma level flaws cited in the { One ofthird the major Fourth level suit was failure to validate SSL certificates on mobile applications { Agreed to establish comprehensive security programs { Agreed to undergo independent security assessments every other year for 20 years { Scolded publicly for not keeping their privacy promises to consumers

35

36 SSL session caching Click to edit Master text styles { During the initial handshake Second level the certificate Third level is validated { Subsequent client requests re-use the previous handshake and do not re-validate the certificate { TOFU (Trust On First Use)

37 The Enemy Within would Second How a level bad guy get my phone?» Fifth level it more likely Why is mobile? on

38 Patterns of Force If I have physical access, couldn't I just... { Install malicious Fourth level app { Access your data

39 Turnabout Intruder Since Click to session edit Master text styles SSL caching only Second level checks the certificate once, you Thirditlevel only need on the device for as long it takes you to make the first connection, after which you can delete it

40 The City on the Edge of Forever Second level how long to { Server decides accept the cached session { In other words, the bad guy gets to decide how long to accept the cached session... { We refer to this feature as EverPWN

41

42 Shields Up! { Review your code { Implement policy { Test pre-release { Train developers

43 Shields Up! In Android, investigate these: text styles Click to edit Master { TrustManager { SSLSocket getinsecure { SSLSocketFactory { HostNameVerifier In ios, investigate these areas: { Don't use AFNetworking < v { _AFNETWORKING_ALLOW _INVALID_SSL_CERTIFICATES_ { SetAllowsAnyHTTPSCertificate { kcfstreamsslallowsanyroot

44 Shields Up! { Pinning Certificate Click to edit Master text styles { Dev Third and level prod signing certificates are required to be different in both ios and Android { Build validation models based on which certificate is used to sign the app

45 Live Long and Prosper Contact Clickand to edit Master text styles testing instructions: Trummer: Tony Tushar Dalvi: R.I.P Reggie Destin