SSL Validation Checking vs. Go(ing) to Fail

Presented at Black Hat Europe 2014, Oct. 17, 2014, 9:30 a.m. (30 minutes).

The "go to fail" bug was a shock for all security-aware Apple users. A simple coding error led to a missing check in SSL validation, with grave consequences. Many applications rely on SSL, but only few recognize that all of its helpful mechanisms (encryption, integrity protection, replay protection) are not worth a penny without proper authentication of the communication peers. We suspected that many programs, especially mobile apps, do not fully validate the certificate of the server they send confidential information to. Could "go to fail" and similar insufficient certificate validation checks be tested for without access to the source code? To find out, we developed SVF, the "SSL-Validation-Fuzzer", for easier testing of certificate validation checks, in cooperation with the University of Applied Sciences St. Poelten. SVF is written in Python and based on the well-known mitmproxy software. For testing, it is placed between the test target (e.g. a mobile app) and the server. SVF will:

  1. capture the SSL handshake,
  2. generate several mutation certificates based on the original server certificate, according to a range of test cases,
  3. allow the user to apply those mutation certificates in the encryption, in order to
  4. test whether the client starts or continues data transfer with a forged certificate,

thereby allowing the client-side certificate validation logic to be tested. Though currently still a simple yet powerful prototype, we used SVF on a bunch of iOS, Android, and Windows Mobile apps. The first range of testing candidates were mobile banking applications, as we expected strong validation checks here. We started with mobile banking apps from our home country Austria, then moved on to banking apps from other countries too, giving us some very interesting results and a glimpse of the state of certificate checks overall. Vendors affected by the discovered vulnerabilities are informed in a coordinated disclosure process.
In our talk, both the SVF tool and the results from our field study will be presented. We believe that, although still in a prototype stage with just a handful of test cases, SVF-type checks could be valuable not only for app developers but for anyone trying to test the SSL validation checks of an app, and thereby its susceptibility to crafted man-in-the-middle attacks.
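As an added illustration, not SVF's own code and not from the talk or its authors: the abstract describes forging mutation certificates from a genuine server certificate and observing whether the client still proceeds. The block below builds the same kind of test bench in-process, using Go's standard library because it can both issue and validate certificates offline. Four mutation categories are constructed for this example (self-signed, wrong hostname, expired, and a leaf "issued" by a non-CA certificate); the names bank.example, attacker.example, rogue.example and the root subject are constructed as well. The point is defensive: Validate shows the checks a correct client must perform, and RunBench confirms that a proper validator accepts the genuine certificate and rejects every mutation, which is the behaviour a client under test should reproduce.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Mutation is one forged certificate plus any extra chain certificates a server would send with it.
type Mutation struct {
	Name  string
	Cert  *x509.Certificate
	Chain []*x509.Certificate
}

func must(err error) { if err != nil { panic(err) } }
func newKey() *ecdsa.PrivateKey { k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); must(err); return k }

// template builds a CA or server template; server names go into the SAN list, since modern validators ignore the CommonName.
func template(name string, isCA bool, notBefore, notAfter time.Time, serial int64) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: notBefore, NotAfter: notAfter, BasicConstraintsValid: true, IsCA: isCA,
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// sign issues tmpl under parent with parentKey (parent == tmpl yields a self-signed certificate).
func sign(tmpl, parent *x509.Certificate, pub interface{}, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	must(err)
	c, err := x509.ParseCertificate(der)
	must(err)
	return c
}

// Validate is what a correct client must do: chain to a trusted root via authorized issuers only, match the hostname, check validity at handshake time.
func Validate(leaf *x509.Certificate, chain []*x509.Certificate, roots *x509.CertPool, host string, now time.Time) error {
	inter := x509.NewCertPool()
	for _, c := range chain {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host,
		CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// BuildBench creates a constructed trusted root, a genuine leaf for bank.example and four mutations, each targeting one check.
func BuildBench(now time.Time) (*x509.CertPool, *x509.Certificate, []Mutation) {
	from, to := now.Add(-time.Hour), now.Add(30*24*time.Hour)
	caKey, leafKey, rogueKey := newKey(), newKey(), newKey()
	caTmpl := template("Constructed Test Root", true, now.Add(-24*time.Hour), now.Add(365*24*time.Hour), 1)
	ca := sign(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	genuine := sign(template("bank.example", false, from, to, 2), ca, &leafKey.PublicKey, caKey)
	// Mutation 1: right name, but self-signed, so there is no trusted issuer.
	selfTmpl := template("bank.example", false, from, to, 3)
	selfSigned := sign(selfTmpl, selfTmpl, &leafKey.PublicKey, leafKey)
	// Mutation 2: issued by the trusted CA, but for a different host.
	wrongHost := sign(template("attacker.example", false, from, to, 4), ca, &leafKey.PublicKey, caKey)
	// Mutation 3: right name and CA, but the validity period is over.
	expired := sign(template("bank.example", false, now.Add(-48*time.Hour), now.Add(-24*time.Hour), 5), ca, &leafKey.PublicKey, caKey)
	// Mutation 4: an ordinary end-entity certificate (not a CA) "issuing" the bank name; basicConstraints must be enforced.
	rogue := sign(template("rogue.example", false, from, to, 6), ca, &rogueKey.PublicKey, caKey)
	viaNonCA := sign(template("bank.example", false, from, to, 7), rogue, &leafKey.PublicKey, rogueKey)
	return roots, genuine, []Mutation{
		{"self-signed", selfSigned, nil},
		{"wrong-host", wrongHost, nil},
		{"expired", expired, nil},
		{"non-ca-issuer", viaNonCA, []*x509.Certificate{rogue}},
	}
}

// RunBench reports whether the genuine certificate is accepted and, per mutation, whether it was rejected (true means the check works).
func RunBench() (bool, map[string]bool) {
	now := time.Now()
	roots, genuine, muts := BuildBench(now)
	rejected := make(map[string]bool, len(muts))
	for _, m := range muts {
		rejected[m.Name] = Validate(m.Cert, m.Chain, roots, "bank.example", now) != nil
	}
	return Validate(genuine, nil, roots, "bank.example", now) == nil, rejected
}

func main() {
	ok, rejected := RunBench()
	fmt.Println("genuine accepted:", ok, "mutations rejected:", rejected)
}
```

Each mutation isolates one check: a validator that skips signature or chain verification accepts the self-signed leaf, one that skips hostname matching accepts the wrong-host leaf, one that ignores validity dates accepts the expired leaf, and one that does not enforce basicConstraints accepts the leaf issued by the rogue end-entity certificate. A client-side implementation can be judged against the same four outcomes.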


Presenters:

  • Thomas Brandstetter - Limes Security
    Thomas Brandstetter is CEO and Co-Founder of Limes Security, a company specializing in industrial cyber security and secure software development, based in Austria. Besides his work as a CEO, he is an Associate Professor at the University of Applied Sciences St. Poelten, Austria, where he loves to teach his students classes like industrial cyber security, incident response, botnets and honeypots, and penetration testing. He gathered a decade of industry experience after joining Siemens 10 years ago to establish the topic of cyber security in industrial products. After years of pen-testing products, he became Program Manager of the "Hack-Proof-Products Program" that he had co-founded. He held this position until 2010, when the Stuxnet malware hit. He was assigned the official incident manager role for this unique threat and still loves to look back on what he learned back then, both technically and about organizations. Out of the remnants of the Stuxnet activities, Thomas founded the Siemens ProductCERT, which is still one of the most effective industrial incident and vulnerability response teams worldwide today. He led the Siemens ProductCERT for another two years before he left for Limes Security and UAS St. Poelten. He is a CISSP and GICSP, holds a degree in IT security from the University of Applied Sciences Hagenberg, Austria, and a master's degree in Business Administration from the Universities of Augsburg and Pittsburgh.