Apple SSL Bug (iOS) - MobileIron "State of the Hack"
Michael T. Raggo | March 01, 2014
An SSL bug was patched on Friday, February 21, 2014 by Apple for devices older than 7.0.6. It stems from a faulty implementation of SSL and should not be construed as a bug or flaw in the SSL/TLS protocol. The attack can occur when an attacker performs a MITM (Man-in-the-Middle) attack allowing the attacker to present an unvalidated SSL certificate as part of the authentication process. By not properly validating the possession of the private key, the iOS device simply accepts the bogus server certificate at face value and completes the handshake and allows the connection. Note that Apple addressed this specific issue promptly with a patch update covering iPhones and iPads as far back as the iPhone 3G, demonstrating their commitment to iOS security. However, this vulnerability has broader implications for how mobile devices should be secured. Below is more detail on MITM attacks and how to use MobileIron to protect against them.
This iOS attack is similar to MITM attacks that occur daily at coffee shops around the world with open WiFi. An attacker can easily setup an Evil Twin Access Point with the same SSID (e.g. "Coffeeshop") and either knock users off the legitimate WiFi and allow them to connect to the Evil Twin, or wait for random users to connect to the Evil Twin Access Point. Since the Evil Twin Access Point can be software-based and run on a laptop, it provides Internet access so the users so they have no idea they're connected to an Evil Twin Access Point.
Once this occurs, the attacker can then create his own certificate on the Evil Twin Access Point. Many users simply click through the warning that this certificate has not been validated, and continue to connect to their website, activesync, or other SSL-based connections. This can allow the attacker to then intercept and decipher the communications to enumerate passwords, credentials, amongst other sensitive data.
MobileIron provides additional protection against such an attack in a variety of ways. First, MobileIron provides for Kerberos Constrained Delegation and mutual authentication for ActiveSync. This mutual authentication includes not only the Server-Side SSL certificate, but also a client certificate. The client certificates must be authenticated against the server side certificate as part of the standard SSL/TLS mutual authentication handshake. Therefore if a MITM attack was to occur on an open WiFi network, the fake certificate provided by the attacker would not have the proper relationship with the client certificate and would be invalidated.
The same could be said for VPN and AppTunnel. MobileIron's AppTunnel can provide a client certificate to allow mutual authentication of App-specific SSL sessions. This can be provided for Apps, MobileIron's secure browser Web@Work, Sharepoint, and other connections to the corporate network. Additionally, this is initiated by the containerized corporate portion of the device, to protect the endpoint from intrusion by the attacker as well.
There are two particularly good articles covered the issue:
MobileIron's defense-in-depth strategy provides additional protection against a MITM attack through use of our Sentry. Specifically:
- Broad support for certificates to provide mutual authentication for SSL sessions used with ActiveSync, Sharepoint, Web@Work, and AppTunneling for applications.
- Attachment security that encrypts email attachments to protect data-in-motion and data-at-rest.
- Sentry secure gateway that ensures only registered and compliant devices have access to sensitive data.
This proactive and reactive approach protects the data-in-transit and data-at-rest, thereby delivering a holistic solution for safeguarding corporate data on mobile devices.