SlideShare a Scribd company logo

The Savage Curtain: Mobile SSL Failures

☠Tony Trummer☠
☠Tony Trummer☠

The document discusses mobile application security and SSL/TLS validation. It describes how mobile apps often do not properly validate SSL certificates, leaving them vulnerable to man-in-the-middle attacks. It then details methods for testing SSL validation in mobile apps, such as using a proxy to generate certificates and ensuring certificates are validated for both the certificate authority and hostname. Recommendations are provided for improving mobile app SSL validation through secure coding practices.

Mobile
1 of 45
Download to read offline
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth levelThe Savage Curtain:The Savage Curtain: Mobile SSL FailuresMobile SSL Failures
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Who are these guys? Tony Trummer - Staff Security Engineer aka “SecBro” Tushar Dalvi - Sr. Security Engineer & Pool Hustler
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Our employer generally does not have prior knowledge of, condone, support or otherwise endorse our research A Private Little War
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Menagerie { Apps are mash-ups of native and web code { Java, Objective C, Swift, etc. { Developers control SSL/TLS security settings
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Basics TLS provides several security features { Encryption { Authenticity { Integrity In apps, unlike browsers, whether you see a certificate warning is up to the app developer.
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Wolf in the Fold { TLS is really the ONLY protection against Man-in-the middle (MitM) attacks { MitM is significantly easier to perform against mobile devices
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Tomorrow Is Yesterday Before dismissing the idea of large- scale or supply-chain attacks... { Recent reports of pre-installed trojans on low-end Android devices { In 2013, Nokia was found to be performing MitM on customer traffic, reportedly for performance reasons { In 2013, reports surfaced claiming that the NSA and GCHQ (“Flying Pig”) were actually performing real-world MitM attacks
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Immunity Syndrome Infosec folks often roll their eyes when they read statements on sites or in apps that tout TLS use and how big their keys are
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Journey to Babel One night, after a few drinks, we decided to test some apps, starting with proxying their web requests
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Into Darkness
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level First aspect of certificate validation The app or OS must verify the certificate is cryptographically signed by the private key of a trusted Certificate Authority
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Certificate is signed by the private key of a trusted CA?Certificate is signed by the private key of a trusted CA? Is this an intermediate certificate?Is this an intermediate certificate? Trusted Root CATrusted Root CA
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Forget Something? Tony Tushar
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level A Piece of the Action
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level A Taste of Armageddon
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Trouble with Tribbles
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Trouble with Tribbles
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Testing for CA validation { Configure device to use proxy { Configure BurpSuite's proxy listener to “Generate a CA-signed per-host certificate” { DO NOT install the proxy's CA certificate on the test device { Verify you see a certificate warning in the native mobile browser { Step through each section of the app { If you see HTTPS traffic, in Burpsuite, the app failed
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Second aspect of validation Does the Subject Common or Alternative name match the hostname of the site you're visiting?
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Does the Common or Subject Alternative Name Match the hostname?Does the Common or Subject Alternative Name Match the hostname? Traces back to Trusted Root CATraces back to Trusted Root CA
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Apple
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level And the Children Shall Lead
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Amok Time
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Testing for proper hostname validation { Install Portswigger CA cert on device { Configure your device to use a proxy { Configure proxy listener to “Generate a CA- signed certificate with a specific hostname” { Set the hostname to foobar.com { Verify you see a certificate warning in the native mobile browser { Step through each section of the mobile app { If you see HTTPS traffic, the app failed
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Does the Common or Subject Alternative Name Match the DNS hostname?Does the Common or Subject Alternative Name Match the DNS hostname? Not expired? Not revoked?Not expired? Not revoked? Traces back to Trusted Root CATraces back to Trusted Root CA
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Damn it, Jim!
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Naked Time { Credit card numbers, passwords, and/or session cookies
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Dagger of the mind { Unencrypted credit card information { Tier 1 PCI merchant { 10 million+ installations
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Court Martial FTC vs. Fandango & Credit Karma { One of the major flaws cited in the suit was failure to validate SSL certificates on mobile applications { Agreed to “establish comprehensive security programs” { Agreed to “undergo independent security assessments every other year for 20 years” { Scolded publicly for not keeping “their privacy promises to consumers”
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level SSL session caching { During the initial handshake the certificate is validated { Subsequent client requests re-use the previous handshake and do not re-validate the certificate { TOFU (Trust On First Use)
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Enemy Within How would a bad guy get my phone? Why is it more likely on mobile?
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Patterns of Force If I have physical access, couldn't I just... { Install malicious app { Access your data
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Turnabout Intruder Since SSL session caching only checks the certificate once, you only need it on the device for as long it takes you to make the first connection, after which you can delete it
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The City on the Edge of Forever { Server decides how long to accept the cached session { In other words, the bad guy gets to decide how long to accept the cached session... { We refer to this feature as “EverPWN”
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! { Review your code { Implement policy { Test pre-release { Train developers
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! In Android, investigate these: { TrustManager { SSLSocket { SSLSocketFactory getInsecure { HostNameVerifier In iOS, investigate these areas: { Don't use AFNetworking < v. 2.5.3 { _AFNETWORKING_ALLOW _INVALID_SSL_CERTIFICATES_ { SetAllowsAnyHTTPSCertificate { kCFStreamSSLAllowsAnyRoot
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! { Certificate Pinning { Dev and prod signing certificates are required to be different in both iOS and Android { Build validation models based on which certificate is used to sign the app
• Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Live Long and Prosper Contact and testing instructions: http://www.secbro.com Tony Trummer: http://www.linkedin.com/in/tonytrummer @SecBro1 Tushar Dalvi: http://www.linkedin.com/in/tdalvi @TusharDalvi R.I.P Reggie Destin

Recommended

How to discover 1352 Wordpress plugin 0days in one hour (not really)
How to discover 1352 Wordpress plugin 0days in one hour (not really)How to discover 1352 Wordpress plugin 0days in one hour (not really)
How to discover 1352 Wordpress plugin 0days in one hour (not really)Larry Cashdollar
 
I See You
I See YouI See You
I See YouAndrew Beard
 
Https interception proxies
Https interception proxiesHttps interception proxies
Https interception proxiesgeeksec80
 
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 lokeshpidawekar
 
Qark DefCon 23
Qark DefCon 23Qark DefCon 23
Qark DefCon 23☠Tony Trummer☠
 
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...Cory Scott
 
Algorand blockchain basics, decentralized and for developers
Algorand blockchain basics, decentralized and for developersAlgorand blockchain basics, decentralized and for developers
Algorand blockchain basics, decentralized and for developersRuss Fustino
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingJakub Kałużny
 

Recommended

How to discover 1352 Wordpress plugin 0days in one hour (not really)
How to discover 1352 Wordpress plugin 0days in one hour (not really)How to discover 1352 Wordpress plugin 0days in one hour (not really)
How to discover 1352 Wordpress plugin 0days in one hour (not really)Larry Cashdollar
 
I See You
I See YouI See You
I See YouAndrew Beard
 
Https interception proxies
Https interception proxiesHttps interception proxies
Https interception proxiesgeeksec80
 
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 lokeshpidawekar
 
Qark DefCon 23
Qark DefCon 23Qark DefCon 23
Qark DefCon 23☠Tony Trummer☠
 
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...
LinkedIn Information Security Talent Pool Research - Black Hat CISO Summit 20...Cory Scott
 
Algorand blockchain basics, decentralized and for developers
Algorand blockchain basics, decentralized and for developersAlgorand blockchain basics, decentralized and for developers
Algorand blockchain basics, decentralized and for developersRuss Fustino
 
Bypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingBypassing malware detection mechanisms in online banking
Bypassing malware detection mechanisms in online bankingJakub Kałużny
 
DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDavide Benvegnù
 
The Algorand Blockchain
The Algorand BlockchainThe Algorand Blockchain
The Algorand BlockchainRuss Fustino
 
The Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for DevelopersThe Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for DevelopersRuss Fustino
 
Building Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer ToolsBuilding Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer ToolsRuss Fustino
 
Algorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development EnvironmentAlgorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development EnvironmentVanessa Lošić
 
Algorand Development Environment
Algorand Development Environment Algorand Development Environment
Algorand Development Environment Vanessa Lošić
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
Identifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity RequirementsIdentifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity RequirementsRobert E Jones
 
Intro to Blockchain 2020
Intro to Blockchain 2020Intro to Blockchain 2020
Intro to Blockchain 2020Russ Fustino
 
Algorand August Release
Algorand August ReleaseAlgorand August Release
Algorand August ReleaseRuss Fustino
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010Costin Raiu
 
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...MediaSense
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact globalCostin Raiu
 
Building with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to knowBuilding with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to knowRuss Fustino
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
How to beat ransomware
How to beat ransomwareHow to beat ransomware
How to beat ransomwarePaladionNetworks01
 
E07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure AgreementsE07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure AgreementsRobert E Jones
 
Talis Aspire Digitised Content Overview
Talis Aspire Digitised Content OverviewTalis Aspire Digitised Content Overview
Talis Aspire Digitised Content OverviewTalis
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
Raj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web TestingRaj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web TestingQA or the Highway
 

More Related Content

Similar to The Savage Curtain: Mobile SSL Failures

DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDavide Benvegnù
 
The Algorand Blockchain
The Algorand BlockchainThe Algorand Blockchain
The Algorand BlockchainRuss Fustino
 
The Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for DevelopersThe Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for DevelopersRuss Fustino
 
Building Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer ToolsBuilding Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer ToolsRuss Fustino
 
Algorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development EnvironmentAlgorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development EnvironmentVanessa Lošić
 
Algorand Development Environment
Algorand Development Environment Algorand Development Environment
Algorand Development Environment Vanessa Lošić
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attackE Hacking
 
Identifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity RequirementsIdentifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity RequirementsRobert E Jones
 
Intro to Blockchain 2020
Intro to Blockchain 2020Intro to Blockchain 2020
Intro to Blockchain 2020Russ Fustino
 
Algorand August Release
Algorand August ReleaseAlgorand August Release
Algorand August ReleaseRuss Fustino
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010Costin Raiu
 
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...MediaSense
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact globalCostin Raiu
 
Building with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to knowBuilding with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to knowRuss Fustino
 
E07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure AgreementsE07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure AgreementsRobert E Jones
 
Talis Aspire Digitised Content Overview
Talis Aspire Digitised Content OverviewTalis Aspire Digitised Content Overview
Talis Aspire Digitised Content OverviewTalis
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce OrgSalesforce Admins
 
Raj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web TestingRaj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web TestingQA or the Highway
 

Similar to The Savage Curtain: Mobile SSL Failures (20)

DevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptxDevSecOps Done Right - Strategies and Tools.pptx
DevSecOps Done Right - Strategies and Tools.pptx
 
The Algorand Blockchain
The Algorand BlockchainThe Algorand Blockchain
The Algorand Blockchain
 
The Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for DevelopersThe Algorand Blockchain Decentralized and for Developers
The Algorand Blockchain Decentralized and for Developers
 
Building Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer ToolsBuilding Blockchain Solutions with Algorand Developer Tools
Building Blockchain Solutions with Algorand Developer Tools
 
Algorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development EnvironmentAlgorand Educate: Algorand Development Environment
Algorand Educate: Algorand Development Environment
 
Algorand Development Environment
Algorand Development Environment Algorand Development Environment
Algorand Development Environment
 
New Developments in the BREACH attack
New Developments in the BREACH attackNew Developments in the BREACH attack
New Developments in the BREACH attack
 
Identifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity RequirementsIdentifying DoD Cybersecurity Requirements
Identifying DoD Cybersecurity Requirements
 
Intro to Blockchain 2020
Intro to Blockchain 2020Intro to Blockchain 2020
Intro to Blockchain 2020
 
Algorand August Release
Algorand August ReleaseAlgorand August Release
Algorand August Release
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010
 
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
Real Time Advertising: Project Sunblock, Ensuring quality and brand protectio...
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact global
 
Building with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to knowBuilding with Algorand 2.0, everything you need to know
Building with Algorand 2.0, everything you need to know
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
How to beat ransomware
How to beat ransomwareHow to beat ransomware
How to beat ransomware
 
E07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure AgreementsE07 Simplicity of Non-Disclosure Agreements
E07 Simplicity of Non-Disclosure Agreements
 
Talis Aspire Digitised Content Overview
Talis Aspire Digitised Content OverviewTalis Aspire Digitised Content Overview
Talis Aspire Digitised Content Overview
 
Security and Your Salesforce Org
Security and Your Salesforce OrgSecurity and Your Salesforce Org
Security and Your Salesforce Org
 
Raj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web TestingRaj Subramanian - Mobile Web Testing
Raj Subramanian - Mobile Web Testing
 

The Savage Curtain: Mobile SSL Failures

  • 1. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth levelThe Savage Curtain:The Savage Curtain: Mobile SSL FailuresMobile SSL Failures
  • 2. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Who are these guys? Tony Trummer - Staff Security Engineer aka “SecBro” Tushar Dalvi - Sr. Security Engineer & Pool Hustler
  • 3. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Our employer generally does not have prior knowledge of, condone, support or otherwise endorse our research A Private Little War
  • 4. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Menagerie { Apps are mash-ups of native and web code { Java, Objective C, Swift, etc. { Developers control SSL/TLS security settings
  • 5. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Basics TLS provides several security features { Encryption { Authenticity { Integrity In apps, unlike browsers, whether you see a certificate warning is up to the app developer.
  • 6. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Wolf in the Fold { TLS is really the ONLY protection against Man-in-the middle (MitM) attacks { MitM is significantly easier to perform against mobile devices
  • 7. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Tomorrow Is Yesterday Before dismissing the idea of large- scale or supply-chain attacks... { Recent reports of pre-installed trojans on low-end Android devices { In 2013, Nokia was found to be performing MitM on customer traffic, reportedly for performance reasons { In 2013, reports surfaced claiming that the NSA and GCHQ (“Flying Pig”) were actually performing real-world MitM attacks
  • 8. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Immunity Syndrome Infosec folks often roll their eyes when they read statements on sites or in apps that tout TLS use and how big their keys are
  • 9. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Journey to Babel One night, after a few drinks, we decided to test some apps, starting with proxying their web requests
  • 10. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Into Darkness
  • 11. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level First aspect of certificate validation The app or OS must verify the certificate is cryptographically signed by the private key of a trusted Certificate Authority
  • 12. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Certificate is signed by the private key of a trusted CA?Certificate is signed by the private key of a trusted CA? Is this an intermediate certificate?Is this an intermediate certificate? Trusted Root CATrusted Root CA
  • 13. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Forget Something? Tony Tushar
  • 14. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level A Piece of the Action
  • 15. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level A Taste of Armageddon
  • 16. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Trouble with Tribbles
  • 17. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Trouble with Tribbles
  • 18. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Testing for CA validation { Configure device to use proxy { Configure BurpSuite's proxy listener to “Generate a CA-signed per-host certificate” { DO NOT install the proxy's CA certificate on the test device { Verify you see a certificate warning in the native mobile browser { Step through each section of the app { If you see HTTPS traffic, in Burpsuite, the app failed
  • 19. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Second aspect of validation Does the Subject Common or Alternative name match the hostname of the site you're visiting?
  • 20. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Does the Common or Subject Alternative Name Match the hostname?Does the Common or Subject Alternative Name Match the hostname? Traces back to Trusted Root CATraces back to Trusted Root CA
  • 21. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
  • 22. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
  • 23. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
  • 24. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Apple
  • 25. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level And the Children Shall Lead
  • 26. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Amok Time
  • 27. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
  • 28. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level By any other name
  • 29. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Testing for proper hostname validation { Install Portswigger CA cert on device { Configure your device to use a proxy { Configure proxy listener to “Generate a CA- signed certificate with a specific hostname” { Set the hostname to foobar.com { Verify you see a certificate warning in the native mobile browser { Step through each section of the mobile app { If you see HTTPS traffic, the app failed
  • 30. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Proper certificate validation Does the Common or Subject Alternative Name Match the DNS hostname?Does the Common or Subject Alternative Name Match the DNS hostname? Not expired? Not revoked?Not expired? Not revoked? Traces back to Trusted Root CATraces back to Trusted Root CA
  • 31. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Damn it, Jim!
  • 32. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Naked Time { Credit card numbers, passwords, and/or session cookies
  • 33. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Dagger of the mind { Unencrypted credit card information { Tier 1 PCI merchant { 10 million+ installations
  • 34. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Court Martial FTC vs. Fandango & Credit Karma { One of the major flaws cited in the suit was failure to validate SSL certificates on mobile applications { Agreed to “establish comprehensive security programs” { Agreed to “undergo independent security assessments every other year for 20 years” { Scolded publicly for not keeping “their privacy promises to consumers”
  • 35. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
  • 36. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level SSL session caching { During the initial handshake the certificate is validated { Subsequent client requests re-use the previous handshake and do not re-validate the certificate { TOFU (Trust On First Use)
  • 37. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The Enemy Within How would a bad guy get my phone? Why is it more likely on mobile?
  • 38. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Patterns of Force If I have physical access, couldn't I just... { Install malicious app { Access your data
  • 39. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Turnabout Intruder Since SSL session caching only checks the certificate once, you only need it on the device for as long it takes you to make the first connection, after which you can delete it
  • 40. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level The City on the Edge of Forever { Server decides how long to accept the cached session { In other words, the bad guy gets to decide how long to accept the cached session... { We refer to this feature as “EverPWN”
  • 41. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level
  • 42. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! { Review your code { Implement policy { Test pre-release { Train developers
  • 43. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! In Android, investigate these: { TrustManager { SSLSocket { SSLSocketFactory getInsecure { HostNameVerifier In iOS, investigate these areas: { Don't use AFNetworking < v. 2.5.3 { _AFNETWORKING_ALLOW _INVALID_SSL_CERTIFICATES_ { SetAllowsAnyHTTPSCertificate { kCFStreamSSLAllowsAnyRoot
  • 44. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Shields Up! { Certificate Pinning { Dev and prod signing certificates are required to be different in both iOS and Android { Build validation models based on which certificate is used to sign the app
  • 45. • Click to edit Master text styles — Second level • Third level — Fourth level » Fifth level Live Long and Prosper Contact and testing instructions: http://www.secbro.com Tony Trummer: http://www.linkedin.com/in/tonytrummer @SecBro1 Tushar Dalvi: http://www.linkedin.com/in/tdalvi @TusharDalvi R.I.P Reggie Destin