The Savage Curtain: Mobile SSL Failures
Source: conference.hitb.org/hitbsecconf2015ams/materials/d1t2 - tony...
TRANSCRIPT
Page 1
The Savage Curtain: Mobile SSL Failures
Page 2
Who are these guys?
Tony Trummer - Staff Security Engineer aka “SecBro”
Tushar Dalvi - Sr. Security Engineer & Pool Hustler
Page 3
A Private Little War
Our employer generally does not have prior knowledge of, condone, support or otherwise endorse our research
Page 4
The Menagerie
{ Apps are mash-ups of native and web code
{ Java, Objective C, Swift, etc.
{ Developers control SSL/TLS security settings and warnings
Page 5
Basics
TLS provides several security features
{ Encryption
{ Authenticity
{ Integrity
In apps, unlike browsers, whether you see a certificate warning is up to the app developer.
Page 6
Tomorrow Is Yesterday
Before dismissing the idea of large-scale or supply-chain attacks...
{ Recent reports of pre-installed trojans on low-end Android devices
{ In 2013, Nokia was found to be performing MitM on customer traffic, reportedly for performance reasons
{ In 2013, reports surfaced claiming that the NSA and GCHQ (“Flying Pig”) were actually performing real-world MitM attacks
{ 2015, Lenovo laptops vulnerable due to SuperFish CA certificate pre-installed
Page 7
Wolf in the Fold
{ TLS is really the ONLY protection against Man-in-the-middle (MitM) attacks
{ MitM is significantly easier to perform against mobile devices
Page 8
The Immunity Syndrome
Infosec folks often roll their eyes when they read statements on sites or in apps that tout TLS use and how big their keys are
Page 9
Journey to Babel
One night, after a few drinks, we decided to test some apps, starting with proxying their web requests
Page 10
Into Darkness
Page 11
First aspect of certificate validation
The app or OS must verify the certificate is cryptographically signed by the private key of a trusted Certificate Authority
Page 12
Proper certificate validation
(diagram)
Certificate is signed by the private key of a trusted CA?
Is this an intermediate certificate?
Trusted Root CA
Page 13
Forget Something?
Tony Tushar
Page 14
A Piece of the Action
Page 15
A Taste of Armageddon
Page 16
The Trouble with Tribbles
Page 17
The Trouble with Tribbles
Page 18
Testing for CA validation
{ Configure device to use proxy
{ Configure BurpSuite's proxy listener to “Generate a CA-signed per-host certificate”
{ DO NOT install the proxy's CA certificate on the test device
{ Verify you see a certificate warning in the native mobile browser
{ Step through each section of the app
{ If you see HTTPS traffic in BurpSuite, the app failed
Page 19
Second aspect of validation
Does the Subject Common or Alternative Name match the hostname of the site you're visiting?
Page 20
Proper certificate validation
(diagram)
Does the Common or Subject Alternative Name match the hostname?
Traces back to Trusted Root CA
Page 21
By any other name
Page 22
By any other name
Page 23
Page 24
The Apple
Page 25
And the Children Shall Lead
Page 26
Amok Time
Page 27
By any other name
Page 28
By any other name
Page 29
Testing for proper hostname validation
{ Install Portswigger CA cert on device
{ Configure your device to use a proxy
{ Configure proxy listener to “Generate a CA-signed certificate with a specific hostname”
{ Set the hostname to foobar.com
{ Verify you see a certificate warning in the native mobile browser
{ Step through each section of the mobile app
{ If you see HTTPS traffic, the app failed
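The two Burp tests on pages 18 and 29 each correspond to one piece of client code that was switched off. The following is an added example, written for this transcript rather than taken from the talk or from any app the speakers tested: it shows the Android/Java anti-patterns that make each test fail next to the hardened configuration. `installAntiPatterns` is the deliberately broken code; the host, port and all class and method names are illustrative. The Android-only `getInsecure` socket factory named on page 43 has no plain-Java equivalent and is left out.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Illustrative only: the two validation failures the Burp tests look for, and the fix. */
public class TlsValidationPatterns {

    // Anti-pattern 1 (fails the CA-validation test, page 18): checkServerTrusted
    // never throws, so Burp's per-host certificate, signed by a CA the device does
    // not trust, is accepted like any other. Grep for TrustManager to find these.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // Anti-pattern 2 (fails the hostname-validation test, page 29): the chain is
    // fine, but a certificate issued for foobar.com is accepted for any host
    // because the name check is short-circuited. Grep for HostnameVerifier.
    static final HostnameVerifier ALLOW_ALL = new HostnameVerifier() {
        @Override public boolean verify(String hostname, SSLSession session) { return true; }
    };

    // Installing both process-wide, as found in many apps (often left over from
    // a dev/staging environment with self-signed certificates).
    static void installAntiPatterns() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { TRUST_ALL }, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory()); // disables check 1
        HttpsURLConnection.setDefaultHostnameVerifier(ALLOW_ALL);              // disables check 2
    }

    // Hardened: a context backed by the platform trust store. HttpsURLConnection
    // built on this keeps its default HostnameVerifier, so nothing else is needed.
    static SSLContext platformContext() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null KeyStore = the device's/JVM's default CA set
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // A raw SSLSocket (unlike HttpsURLConnection) performs NO hostname check by
    // default, which is why SSLSocket is on the page-43 list: chain validation
    // passes for a valid foobar.com certificate presented on any host. Endpoint
    // identification turns CN/SAN matching on inside the handshake.
    static SSLSocket hostnameCheckedSocket(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port); // connects
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        s.startHandshake();   // SSLHandshakeException on untrusted chain OR name mismatch
        return s;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com";   // hypothetical target
        try (SSLSocket s = hostnameCheckedSocket(platformContext(), host, 443)) {
            System.out.println("verified peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

Run against a Burp listener configured as on page 18, `platformContext()` plus the default verifier aborts the handshake; configured as on page 29 with the proxy CA installed, `hostnameCheckedSocket` aborts on the foobar.com name while a socket without endpoint identification would connect silently. That silent case is the SSLSocket entry on the page-43 checklist: a code review should confirm every raw `SSLSocket` either sets the endpoint identification algorithm or runs a HostnameVerifier against `getSession()` itself.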
Page 30
Proper certificate validation
(diagram)
Does the Common or Subject Alternative Name match the DNS hostname?
Not expired? Not revoked?
Traces back to Trusted Root CA
Page 31
Damn it, Jim!
Page 32
The Naked Time
{ Credit card numbers, passwords, and/or session cookies
Page 33
Dagger of the mind
{ Unencrypted credit card information
{ Tier 1 PCI merchant
{ 10 million+ installations
Page 34
Court Martial
FTC vs. Fandango & Credit Karma
{ One of the major flaws cited in the suit was failure to validate SSL certificates on mobile applications
{ Agreed to “establish comprehensive security programs”
{ Agreed to “undergo independent security assessments every other year for 20 years”
{ Scolded publicly for not keeping “their privacy promises to consumers”
Page 35
Page 36
SSL session caching
{ During the initial handshake the certificate is validated
{ Subsequent client requests re-use the previous handshake and do not re-validate the certificate
{ TOFU (Trust On First Use)
Page 37
The Enemy Within
{ Rooted devices, or
{ Physical access
{ More likely on mobile
Page 38
Patterns of Force
If I have physical access, couldn't I just...
{ Install malicious app
{ Access your data
Page 39
Turnabout Intruder
{ SSL session caching only checks the certificate once
{ Install a CA, for the first connection, then delete it
{ Viewing cache file via adb or another app requires root access
Page 40
The City on the Edge of Forever
{ Server decides how long to accept the cached session (RFC 5077, section 5.6)
{ In other words, the bad guy gets to decide how long to accept the cached session...
{ We refer to this feature as “EverPWN”
Page 41
Page 42
Shields Up!
{ Review your code
{ Implement policy
{ Test pre-release
{ Train developers
Page 43
Shields Up!
In Android, investigate these:
{ TrustManager
{ SSLSocket
{ SSLSocketFactory getInsecure
{ HostnameVerifier
In iOS, investigate these areas:
{ Don't use AFNetworking < v. 2.5.3
{ _AFNETWORKING_ALLOW_INVALID_SSL_CERTIFICATES_
{ SetAllowsAnyHTTPSCertificate
{ kCFStreamSSLAllowsAnyRoot
Page 44
Shields Up!
{ Certificate Pinning
{ Dev and prod signing certificates are required to be different in both iOS and Android
{ Build validation mode based on which certificate is used to sign the app
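As an added example, not from the talk or from any project, the three bullets above in plain Java, written so that it also addresses the session-caching problem from pages 36 to 40: public-key pinning layered on top of platform validation, a per-connection pin check that runs on resumed sessions too, and a release/debug decision driven by the app's signing certificate. The pin strings, the release signer hash parameter, the URL and every class and method name are placeholders; on Android the signer DER would come from `PackageManager` (`PackageInfo.signatures`), which is passed in here so the code stays compilable outside the SDK.

```java
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Illustrative SPKI pinning; pin values and names are placeholders. */
public class SpkiPinning {

    // Pins: base64(SHA-256(SubjectPublicKeyInfo)), the format OkHttp and HPKP use.
    // Keep a backup pin for a key held offline, or a key rotation locks every
    // installed copy of the app out of the API.
    static final Set<String> PROD_PINS = new HashSet<>(Arrays.asList(
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=",   // placeholder: current key
        "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=")); // placeholder: backup key

    static String spkiSha256(X509Certificate cert) throws CertificateException {
        try {
            byte[] spki = cert.getPublicKey().getEncoded();   // DER SubjectPublicKeyInfo
            return Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-256").digest(spki));
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    // Accept if any certificate in the chain carries a pinned key (pinning an
    // intermediate CA key is the usual way to survive leaf rotation).
    static void requirePin(Certificate[] chain, Set<String> pins) throws CertificateException {
        for (Certificate c : chain) {
            if (c instanceof X509Certificate && pins.contains(spkiSha256((X509Certificate) c))) return;
        }
        throw new CertificateException("no pinned public key in server chain");
    }

    // Platform chain validation first, then the pin. Only consulted on a full
    // handshake: a resumed session never reaches checkServerTrusted.
    static final class PinningTrustManager implements X509TrustManager {
        private final X509TrustManager platform;
        private final Set<String> pins;

        PinningTrustManager(Set<String> pins) throws Exception {
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);   // device/JVM default trust store
            X509TrustManager found = null;
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) found = (X509TrustManager) tm;
            }
            if (found == null) throw new IllegalStateException("no platform X509TrustManager");
            this.platform = found;
            this.pins = pins;
        }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            platform.checkServerTrusted(chain, authType);   // trusted root, validity period
            requirePin(chain, pins);                         // then the key we expect
        }
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            platform.checkClientTrusted(chain, authType);
        }
        @Override public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
    }

    static SSLContext pinnedContext(Set<String> pins) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinningTrustManager(pins) }, null);
        return ctx;
    }

    // Per-connection pin check that also covers session resumption: the
    // certificates come from this connection's own SSLSession, whether the
    // handshake was full or abbreviated, so a session cached through a MitM CA
    // (install, connect once, delete) still fails the pin here.
    static void connectPinned(HttpsURLConnection conn, Set<String> pins)
            throws IOException, CertificateException {
        conn.connect();
        requirePin(conn.getServerCertificates(), pins);
    }

    // Validation mode from the app's signing certificate, not a build flag:
    // a debug-signed build may relax pinning for proxy testing, a release-signed
    // build never does. signerCertDer is the DER of the signing certificate.
    static boolean isReleaseSigned(byte[] signerCertDer, String releaseSignerSha256Hex)
            throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(signerCertDer);
        StringBuilder hex = new StringBuilder();
        for (byte b : d) hex.append(String.format("%02x", b));
        return hex.toString().equalsIgnoreCase(releaseSignerSha256Hex);
    }

    public static void main(String[] args) throws Exception {
        URL url = new URL(args.length > 0 ? args[0] : "https://example.com/"); // hypothetical
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(pinnedContext(PROD_PINS).getSocketFactory());
        connectPinned(conn, PROD_PINS);   // fails with the placeholder pins, by design
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

Two design points. First, the pin lives in two places on purpose: `PinningTrustManager` rejects a bad key before any application data is sent, but because the trust manager is skipped on an abbreviated handshake, `connectPinned` repeats the check against the session's certificates on every connection, which is what closes the "install a CA, connect once, delete it" hole from page 39. Second, the relaxed mode for proxy testing should be gated on `isReleaseSigned` returning false, never on a user-editable setting, so a release build with a cached test configuration cannot be talked into trusting a proxy CA.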
Page 45
Live Long and Prosper
Contact and testing instructions:
http://www.secbro.com
Tony Trummer:
http://www.linkedin.com/in/tonytrummer
@SecBro1
Tushar Dalvi:
http://www.linkedin.com/in/tdalvi
@TusharDalvi
R.I.P Reggie Destin