[Owasp-mobile-security-project] Mobile, SSL/TLS, and Certificate or Public Pinning

Jeffrey Walton noloader at gmail.com
Mon Aug 13 21:58:49 UTC 2012


Hi Ari,

> To me they all boil down to the same issue: Why would you treat
> mobile any different from non-mobile? If you've done your analysis and
> decided that you need SSL (or conversely, if you don't need SSL), why would
> you do any different for mobile?
Under traditional client/server, an organization has a logical
security boundary. The organization runs their DNS, usually controls
PKI via private CA hierarchy, etc. Client/server requests flow to/from
an office to datacenter over a VPN or leased line. All of this occurs
within the logical security boundary.

We don't have that in mobile:
 * The device is outside the security boundary
 * DNS is controlled by others (carrier)
 * SSL/TLS was designed for $50 Amazon transactions in the 1990s
      (not high value corporate data)
 * Users cannot tune the Public CA store (it's burned into the ROM)
 * OEM/Handset manufacturers can add a trusted root for maintenance, et al
 * Carriers can add a trusted root for maintenance, et al
 * CRL/OCSP does not work as expected/intended
 * Anyone on the data path can use a proxy
      (http://blog.cryptographyengineering.com/2012/03/how-do-interception-proxies-fail.html)
 * Law Enforcement can force the use of a proxy
      (http://www.theatlanticwire.com/technology/2011/09/lulzsec-hacker-exposed-service-he-thought-would-hide-him/42895/)
 * Carriers can ship data off to a metrics/aggregation services
      (http://click-fraud-fun.blogspot.com/2012/07/more-mobile-madness.html)
 * The Carrier's plant can become compromised
      (http://www.pcworld.com/article/119851/paris_hilton_victim_of_tmobiles_web_flaws.html)
 * CAs can become compromised
      (http://isc.sans.edu/diary.html?storyid=11500)
 * DNS becomes compromised
      (http://forums.theregister.co.uk/forum/2/2011/09/05/dns_hijack_service_updated/)
 * Can't trust CAs - they will issue anything (including subordinate
CAs) for money
      (http://www.net-security.org/secworld.php?id=12369)
 * Can't trust browsers - they will sell you out and elide their responsibility
      (https://bugzilla.mozilla.org/show_bug.cgi?id=724929)
 * It's easy to set up an AP or Base Station
      (Chris Paget's IMSI Catcher,
      http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/)
 * User will break it too (not just bad guys)
      (http://www.esecurityplanet.com/mobile-security/hacker-bypasses-apples-ios-in-app-purchases.html)
 * PKI is broken
      (www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf)
 * The Internet is Broken :)
      (http://blog.cryptographyengineering.com/2012/02/how-to-fix-internet.html)

Out of curiosity: what is one of the first things PenTesters do? They
set up a proxy to watch web service requests. What is *MOST* befuddling
to me: it did not set off an alarm bell that the secure channel was
just destroyed!!!

Jeff
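The mitigation the subject line names for the list above (an untrusted device CA store, roots added by OEMs or carriers, interception proxies) is public key pinning: the app compares the server's SubjectPublicKeyInfo against a hash it shipped with, independent of whatever roots the handset trusts. The following is an added, stand-alone illustration of that check; it is not code from this thread or from the OWASP project. It uses only the Python standard library: a minimal DER walker pulls the SPKI out of an X.509 certificate, SHA-256 hashes it, Base64-encodes it, and checks it against a configured pin set. The function names, the pin set and the sample certificate are constructed for the example (the sample has the real certificate layout but dummy issuer, subject and signature); in a real client the DER bytes would come from the TLS layer after the handshake, e.g. `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import base64
import hashlib

# --- minimal DER TLV helpers: enough to walk the outer X.509 structure ---

def der_read(buf, pos=0):
    """Read one DER TLV starting at buf[pos]. Returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: next N bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length

def der_children(value):
    """Split the contents of a constructed element into (tag, raw_tlv) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, _, nxt = der_read(value, pos)
        out.append((tag, value[pos:nxt]))  # keep the child's full TLV bytes
        pos = nxt
    return out

def extract_spki(cert_der):
    """Return the raw DER of subjectPublicKeyInfo from an X.509 certificate."""
    tag, cert_body, _ = der_read(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, tbs_raw = der_children(cert_body)[0]          # tbsCertificate
    _, tbs_body, _ = der_read(tbs_raw)
    fields = der_children(tbs_body)
    # tbsCertificate: [0] version (optional), serialNumber, signature,
    # issuer, validity, subject, subjectPublicKeyInfo, ...
    if fields[0][0] == 0xA0:
        fields = fields[1:]
    spki_tag, spki_raw = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return spki_raw

def spki_pin(cert_der):
    """Pin = base64(SHA-256(DER SubjectPublicKeyInfo)), the usual pin format."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def pin_matches(cert_der, pin_set):
    """True if the certificate's key is one the client has decided to trust.

    Run this after the TLS handshake on the leaf certificate; a proxy that
    re-signs traffic with a root the handset trusts still fails this check.
    """
    return spki_pin(cert_der) in pin_set

# --- constructed sample data (not a real certificate or key) ---

def der_encode(tag, value):
    """Encode one DER TLV (short or long-form length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def build_sample_spki(key_filler):
    """SPKI-shaped blob: rsaEncryption OID + NULL, then a dummy BIT STRING."""
    alg = der_encode(0x30, der_encode(0x06, bytes.fromhex("2a864886f70d010101")) + der_encode(0x05, b""))
    return der_encode(0x30, alg + der_encode(0x03, b"\x00" + key_filler))

def build_sample_cert(spki, with_version=True):
    """Certificate-shaped blob with the real field order and dummy contents."""
    version = der_encode(0xA0, der_encode(0x02, b"\x02")) if with_version else b""
    serial = der_encode(0x02, b"\x01")
    empty_seq = der_encode(0x30, b"")                 # signature/issuer/validity/subject
    tbs = der_encode(0x30, version + serial + empty_seq * 4 + spki)
    sig = der_encode(0x03, b"\x00" * 9)
    return der_encode(0x30, tbs + empty_seq + sig)

SAMPLE_SPKI = build_sample_spki(b"\x11" * 300)        # long-form lengths exercised
ROTATED_SPKI = build_sample_spki(b"\x22" * 300)       # a different key after rotation
SAMPLE_CERT = build_sample_cert(SAMPLE_SPKI)
PIN_SET = {spki_pin(SAMPLE_CERT)}                     # what the app would ship with

if __name__ == "__main__":
    print("pin:", spki_pin(SAMPLE_CERT))
    print("current key accepted:", pin_matches(SAMPLE_CERT, PIN_SET))
    print("rotated key accepted:", pin_matches(build_sample_cert(ROTATED_SPKI), PIN_SET))
```

Pinning the SPKI hash rather than the whole certificate lets the server renew its certificate (new serial, new validity, even a new CA) without breaking clients, as long as the key is kept; the pin set is a set so that a backup key's pin can ship alongside the current one and the app keeps working through a planned rotation.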

On Mon, Aug 13, 2012 at 2:42 PM, Ari Elias-Bachrach
<Ari at elias-bachrach.com> wrote:
> I feel like I've had several related conversations recently about mobile and
> SSL/TLS. To me they all boil down to the same issue: Why would you treat
> mobile any different from non-mobile? If you've done your analysis and
> decided that you need SSL (or conversely, if you don't need SSL), why would
> you do any different for mobile? Same thing with all the various options
> like EV certs and cert pinning - if you've come to the conclusion that you
> need feature set X, then it shouldn't matter if your client is connecting
> via desktop, laptop, android, iOS, or avian carrier - you need feature set
> X.
>
> Since I'm on the subject....
> In the last few weeks I've had multiple conversations where people have told
> me that they can't SSL enable the mobile version of their website because
> some of their mobile customers might not/do not support SSL. I find this a
> little hard to believe so I've asked them all for more information on
> exactly what clients they're seeing that don't support SSL, and have yet to
> get a real response. Does anyone know of any clients still in semi-active
> use that actually don't support SSL or is this just a legacy concern that
> hasn't gone away yet? So far the only thing I could come up with was Palm OS
> 4.0, (and earlier) which is now over 10 years old.
>
> _______________________________________________
> Owasp-mobile-security-project mailing list
> Owasp-mobile-security-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-mobile-security-project
>

