iOS: Back to the Future - DinoSec (Rooted CON 2014)

1 Rooted CON 2014 6-7-8 Marzo // 6-7-8 March 2014 © Dino Security S.L. (www.dinosec.com) All rights reserved.

www.dinosec.com @dinosec

Raúl Siles

raul@dinosec.com @raulsiles

@dinosec

March 8, 2014


Outline

Vulnerability research and markets

Apple & iOS: State of the art – iPhone/iPad in business

– SSA

Can we manipulate the iOS update process?

Vulnerability details: iOS 5, 6, 7… – Attacks

Conclusions

Credits


Vulnerability Research & Markets

Insider View


Vulnerability Markets

How is security vulnerability information managed and traded today?

– Importance of (vuln) information systems for modern economy and society

Who is going to potentially buy your cyber weapon?

– Closed privileged groups

• Black market: cyber criminals

• Public markets: private security companies, governments, brokers…

– Subscription fees: 25 zero-days per year for USD $2.5 million

– What is it going to be used for?

• Compromise all vuln systems w/o the public ever having knowledge of the threat

• Vulns remain private for an average of 151 days (+100 exploits per year)

– Real risk exposure: Assume you are already compromised

NSSLabs

– “The Known Unknowns” (Dec 5, 2013)

– “International Vulnerability Purchase Program” (Dec 17, 2013)

https://www.nsslabs.com/reports/known-unknowns-0 https://www.nsslabs.com/reports/ivpp


‘Responsible’ disclosure & Conference disclosure

Disclosure Options

Do nothing – Assuming it is the best way to serve the community

Coordinated disclosure (vendor) – Information about vulnerabilities is a valuable asset

• Security researchers require compensation for time spent

Full disclosure – Motivate vendors to act

Sell it – Bug bounty (vendor)

– Broker or directly to third-parties


Vulnerability Research

For previous vulnerability research I followed… – Responsible and coordinated disclosure with vendors

– But it was time to research the current vulnerability markets • Vulnerability was accepted and published in one of the vulnerability purchase programs

• No real interest outside RCE, LPE and information disclosure (memory addresses)

Vulnerability discovered in early 2012 (+2 years) – Remained private until now

– Keeping it private (as far as I know) and verifying it is still not public requires a lot of effort (especially over long periods of time)

Why is this vulnerability released today? – You trust your government (country)…

• What about its allies (e.g. NSA)? And others?

– Rooted CON 5th anniversary!

What if someone finds it meanwhile… or the vendor fixes it? – For how long can a not very complex vulnerability remain undisclosed?

– Value of modern vulnerabilities and exploits is based on who knows about them

How to provide details without disclosing too much?


Vulnerability Research & Disclosure

Vendors do not take relevant issues seriously – "Why iOS (Android…) Fail inexplicably". Raul Siles. Rooted CON 2013

“When should a researcher initially notify a vendor with no serious bug bounty before releasing an undisclosed vulnerability in a security conference?” (Community disclosure?)

– It depends: vendor, bug, researcher, follow-ups… (“negotiate”)

• Complexity, criticality, scope…

• Evolution of security business landscape

– Vulnerability disclosure policies are like assh*les…

• …everyone has one!

• The "Month and a Day Rule" (DinoSec 2014)

– Similar to common law sentences

– Vulnerability notified to Apple on February 6, 2014 (1M +1D)


Apple & iOS: State of the Art


iPhone/iPad in Business (1/2)

Your business or Apple’s business model?

– Hardware, software, services & contents

• App Store & iTunes

Apple Q1 2014 financial results

– Sales (quarter): 51M iPhones & 26M iPads

– Revenue: $57.6 billion

• $4.4 billion on iTunes/Software/Service

– Net quarterly profit: $13.1 billion

– 65 billion apps cumulative ($15 billion to developers)

• 1 million apps cumulative in 24 categories

https://www.apple.com/pr/library/2014/01/27Apple-Reports-First-Quarter-Results.html


iPhone/iPad in Business (2/2)

iOS design, features, and architecture – https://www.apple.com/iphone/business/it/

– https://www.apple.com/ipad/business/it/

iOS security model (Feb’14)

– Updates: System Software Authorization

• A7 processor - Security Enclave coprocessor

https://www.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf


System Software Authorization (1/2)

To prevent devices from being downgraded – Older versions lack the latest security updates

• “An attacker who gains possession of a device could install an older version of iOS and exploit a vulnerability that’s been fixed in the newer version”

• Jailbreak?

iTunes or wirelessly over the air (OTA) – Full copy of iOS or only the components required

Connects to Apple’s installation authorization server – Crypto measurements for each part of the installation bundle (LLB, iBoot, kernel & OS image), nonce & ECID (device unique ID)


System Software Authorization (2/2)

Authorization server checks measurements against versions permitted by Apple

– Allows only latest version for each device model

• Narrow signing window (~24h)

– Apple signs measurements, nonce and ECID

• Per device (ECID) and per restore (nonce)

Every firmware installation is remotely verified (signed) by Apple during every restore or upgrade

– Started with iPhone 3G[S] & iOS 3 (using ECID only)

• "Verifying restore with Apple...“

– iTunes “personalizes” the firmware file (ECID…): SHSH


Apple iOS Downgrade (1/3)

SHSH blobs and APTickets

– Signature HaSH (SHSH blobs) and nonce (APTicket)

• Cydia (saurik) & redsn0w (Musclenerd) & iFaith (iH8sn0w)

TSS Center (Cydia), redsn0w, TinyUmbrella, iFaith…

– MitM (& cache) signature server: gs.apple.com

• Source: http://svn.saurik.com/repos/menes/trunk/cysts/

– The verifier was the Tatsu Signing Server (TSS)

• Spidercab (Apple internal equivalent), running at ‘tatsu-tss-internal.apple.com’ (Apple VPN), is used to sign old versions...

http://www.saurik.com/id/12 (iOS 3.x) http://www.saurik.com/id/15 (iOS 6.x)


Apple iOS Downgrade (2/3)

SHSH blobs – SHA-1 hashes (160-bit digests)

– iPhone Software (IPSW) file (ZIP file)

• Build manifest: BuildManifest.plist

– List of files and their content (+ Apple integrity signature) digests

• “Personalization” process

– Build manifest → TSS request → Apple SHSH blobs → Replace the files’ signature section with the SHSH blobs

APTickets – Introduced with iOS 5.x

– Block of data with digest for all files used during boot • No IPSW file “personalization” any more (APTicket)

• Contains a “nonce” (anti-replay mechanism - uncacheable)


Apple iOS Downgrade (3/3)

Caching the uncacheable – Restore to very old iOS versions (no APTicket)

– Downgrade tricks history • http://www.jailbreakqa.com/faq#32763 …

– Exploits for reusing APTickets

No way to downgrade from iOS 6.x to older versions on newer devices (as of April 2013) – Eligible older devices

• iPhone 4 & 3G[S], iPad, and iPod Touch 4th (A4 processor) – limera1n BootROM exploit (redsn0w can dump TSS info from device)

• iPad2 – Go from iOS 5 (or 6) to iOS 4 (no APTicket) and back to iOS 5

• iPad 2, 3 & iPhone 4s: From iOS 5 to any other iOS 5 version

Requirement: TSS information previously saved


iOS Support Matrix

http://iossupportmatrix.com


Can We Manipulate the iOS Update Process?

Without a new BootROM exploit


Relevant iOS 5 Change

Over the Air (OTA)

– iOS software updates

• Settings - General - Software Update

– iTunes data sync & backup over Wi-Fi

• iTunes 10.5+

– Options – Sync with this iPhone over Wi-Fi

– iCloud backup

• Settings - iCloud - Storage & Backup

Apple fans’ behavior change: getting rid of the USB cables


iOS OTA Update Process

HTTP (vs. HTTPS)

– iOS software (IPSW) integrity verification

– Software update server: http://mesu.apple.com

Automatically used by iOS…

– … or manually launched by the user

• Settings - General - Software Update

iOS software update (plist) file (XML format)

– References (URLs) to all the current iOS version files • http://appldnld.apple.com


Main iOS SW Update Files

iOS software update (plist) file – http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml

iOS software update documentation (plist) file – http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdateDocumentation/com_apple_MobileAsset_SoftwareUpdateDocumentation.xml

iOS 5.0 (GM) was not offered via OTA

– iOS 5.0 betas (4-7) & 5.1 beta 2 were offered via OTA

– iOS 5.0.1 was the first public OTA version


iOS 5.x & 6.x


iOS 5 & 6: HEAD Request

HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1
Host: mesu.apple.com
User-Agent: MobileAsset/1.0
Connection: close
Content-Length: 0

HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1
Host: mesu.apple.com
User-Agent: $%7BPRODUCT_NAME%7D/1 CFNetwork/548.0.4 Darwin/11.0.0
Content-Length: 0
Connection: close


iOS 5 & 6: HEAD Response

HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Content-MD5: oNVyoddHvxLCsQeRblBskw==
Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Ranges: bytes
Content-Length: 283956
Content-Type: application/xml
Date: Mon, 20 Jan 2014 11:02:00 GMT
Connection: close

If it contains a date greater than the date from the last update, it will ask for the new content: GET.


iOS 5 & 6: GET Req & Resp

GET /assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1
Host: mesu.apple.com
Connection: close
User-Agent: MobileAsset/1.0

HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Content-MD5: oNVyoddHvxLCsQeRblBskw==
Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Ranges: bytes
Content-Length: 283956
Content-Type: application/xml
Date: Mon, 20 Jan 2014 11:02:00 GMT
Connection: keep-alive
...


iOS 5 & 6: GET Req & Resp

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Assets</key>
  <array>
    <dict>
      <key>Build</key>
      ...
      <key>OSVersion</key>
      <string>7.0.4</string>
  ...
  <key>Certificate</key>
  <data>
  MIID...YSoiag78twmDRk726aYmxNIfYYpDs0hS7Mw==
  </data>
  <key>Signature</key>
  <data>
  LyfS...pvlWlONSzNYx9qZdS6B7Fs6JgHqw9DA1d2w==
  </data>
  <key>SigningKey</key>
  <string>AssetManifestSigning</string>
</dict>
</plist>

Same behavior with the iOS SW update documentation file


Last-Modified: Date

Can we manipulate the iOS update process?


StarWars or Matrix?


Man in the Middle (MitM) attacks

– Do you remember the Wi-Fi network impersonation attacks from last year’s Rooted CON 2013? • http://www.dinosec.com/docs/RootedCON2013_Taddong_RaulSiles-WiFi.pdf

• http://vimeo.com/70718776

iProxy

– Python MitM tool

• Twisted (https://twistedmatrix.com)

– Event-driven networking engine (e.g. sslstrip)

– Implements both StarWars and Matrix attacks

• Multiple and flexible options

Vulnerability Exploitation

“These aren’t the updates you’re looking for”


StarWars Attack

Block and/or drop the HEAD request (timeout)

– Fail: It sends a GET request

– Block and/or drop the GET request (timeout)

• Fail: Error message

– When the user manually checks for updates

– “Unable To Check for Update”

Change the “Last-Modified” header of the HEAD response to the past

– “These aren’t the updates you’re looking for”

DEMO


“This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Appleland and I show you how deep the rabbit-hole goes.”


Matrix Attack

Change the “Last-Modified” header of the HEAD response to the future – Forces a GET request

Change the contents of the GET response – Fail: The response contents are signed

– Replay attacks?

Change the “Last-Modified” header of the GET response to the future & provide a previous file – “You’re inside the Matrix”

• No more updates up to that future date

DEMO


iOS Software Update Files Repo


iOS 7.x


iOS 7: GET Request

GET /assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1
Host: mesu.apple.com
If-Modified-Since: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-us
Connection: keep-alive
User-Agent: MobileAsset/1.0

HEAD request removed from iOS 7

It discloses the date from the last update stored on the iOS device:

THANKS iOS!


iOS 7: GET Response (304)

If there is no new update from that date…

HTTP/1.1 304 Not Modified
Content-Type: application/xml
Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Date: Mon, 20 Jan 2014 12:35:20 GMT
Connection: keep-alive


iOS 7: GET Response (200)

If there is a new update from that date…

HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Content-MD5: oNVyoddHvxLCsQeRblBskw==
Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Ranges: bytes
Content-Length: 283956
Content-Type: application/xml
Date: Mon, 20 Jan 2014 11:02:00 GMT
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?>
...
<plist version="1.0">
<dict>
  ...
  <key>OSVersion</key>
  <string>7.0.4</string>
  ...


Temporary vs. Permanent attacks


StarWars Attack

Block and/or drop the GET request (timeout)

– Fail: Error message

• When the user manually checks for updates

• “Unable To Check for Update”

Send a 304 response

– “These aren’t the updates you’re looking for”

• Change the date sent in the GET request (If-Modified-Since) to the future to get a 304 from Apple’s server

• Change the GET response manually to 304

This 304 Jedi trick does not work for iOS 6

DEMO


Matrix Attack

Change the contents of the GET response

– Fail: The response contents are signed

– Replay attacks?

Change the “Last-Modified” header of the GET response to the future

– “You’re inside the Matrix”

• No more updates up to that future date

DEMO
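As an added example (not code from the talk or from iProxy), a small detector in Python (iProxy is itself a Python tool) that turns the observations on the iOS 5/6 and iOS 7 slides above into checks over captured update-check exchanges with mesu.apple.com: a Last-Modified in the future (Matrix), a Last-Modified that no longer matches the known value for an unchanged ETag (StarWars/Matrix rewrite), and an iOS 7 device whose If-Modified-Since already points to the future (already frozen). The captures, the ETag/Last-Modified baseline and the 5-minute skew window are constructed; the 2014 header values mirror the slides.

```python
"""Flag tampered iOS OTA update checks (mesu.apple.com) in captured HTTP headers.

Constructed captures: the 2014 header values mirror those on the slides; the
2013 and 2020 dates stand in for a header rewritten in transit.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MANIFEST = ("/assets/com_apple_MobileAsset_SoftwareUpdate/"
            "com_apple_MobileAsset_SoftwareUpdate.xml")
ETAG = '"a0d572a1d747bf12c2b107916e506c93:1389116985"'
GOOD_LM = "Tue, 07 Jan 2014 17:45:50 GMT"
# Trusted ETag -> Last-Modified pair recorded from a direct (unproxied) fetch:
# a response carrying this ETag with another Last-Modified was rewritten.
BASELINE = {ETAG: GOOD_LM}
SKEW = timedelta(minutes=5)  # tolerated drift between sensor and server clocks


def parse_headers(raw):
    """Split a captured header block into (start line, {lower-name: value})."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def analyze(capture):
    """Return the anomaly labels for one update-check request/response pair."""
    _, req = parse_headers(capture["request"])
    _, resp = parse_headers(capture["response"])
    seen = capture["captured_at"]  # sensor clock: not under a MitM's control
    lm, ims, etag = resp.get("last-modified"), req.get("if-modified-since"), resp.get("etag")
    findings = []
    # Matrix-style freeze: the server "says" the manifest changed in the future
    if lm and parsedate_to_datetime(lm) > seen + SKEW:
        findings.append("future-last-modified")
    # Device already frozen: iOS 7 discloses its stored update date, and it lies ahead
    if ims and parsedate_to_datetime(ims) > seen + SKEW:
        findings.append("future-if-modified-since")
    # StarWars/Matrix rewrite: ETag unchanged but Last-Modified no longer matches
    if etag in BASELINE and lm and parsedate_to_datetime(lm) != parsedate_to_datetime(BASELINE[etag]):
        findings.append("last-modified-rewritten")
    return findings


def exchange(seen, method="GET", ims=None, status="200 OK", lm=GOOD_LM):
    """Build one constructed capture in the shape the slides show."""
    req = f"{method} {MANIFEST} HTTP/1.1\nHost: mesu.apple.com\nUser-Agent: MobileAsset/1.0"
    if ims:
        req += f"\nIf-Modified-Since: {ims}"
    resp = (f"HTTP/1.1 {status}\nServer: Apache\nETag: {ETAG}\n"
            f"Last-Modified: {lm}\nContent-Type: application/xml")
    return {"captured_at": seen, "request": req, "response": resp}


JAN20 = datetime(2014, 1, 20, 12, 35, 20, tzinfo=timezone.utc)
CAPTURES = {
    "ios7_current": exchange(JAN20, ims=GOOD_LM, status="304 Not Modified"),
    "ios7_matrix": exchange(JAN20, ims=GOOD_LM, lm="Tue, 07 Jan 2020 17:45:50 GMT"),
    "ios7_already_frozen": exchange(JAN20, ims="Tue, 07 Jan 2020 17:45:50 GMT",
                                    status="304 Not Modified"),
    "ios6_starwars": exchange(JAN20, method="HEAD", lm="Mon, 07 Jan 2013 17:45:50 GMT"),
}


def scan(captures=CAPTURES):
    """Map capture name -> anomaly labels (an empty list means the check looked clean)."""
    return {name: analyze(cap) for name, cap in captures.items()}


if __name__ == "__main__":
    for name, labels in scan().items():
        print(f"{name:22s} {labels or 'clean'}")
```

The baseline rule only catches a rewrite that leaves the ETag untouched; the two future-date rules do not depend on it, and the If-Modified-Since rule keeps firing on every later check of a device that was frozen before monitoring started.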


Conclusions


Vulnerability Details

Affects iOS 5.x - 7.x (up to the latest version) – iOS 5.0 released on October 12, 2011

– Vulnerability discovered in early 2012, between…

• 5.0.1 (Nov 10, 2011) & 5.1 (March 7, 2012)

• It has survived multiple iOS versions: 5, 6 & 7

– Long time verifying it has not been fixed

– Long time collecting iOS software update files (plist XML files)

Targeted and very carefully planned attacks – Plenty of time to launch future attacks

• Forever (persistent - Matrix) or between iOS updates (now)

Stealthy attacks – The update freeze can be reverted back silently


Vulnerability Limitations

Cannot be used to downgrade to a previous version, but to remain on the current version

Can be bypassed via iTunes

– Different update check mechanism (HTTPS)

– Temporarily, as iTunes does not change the iOS device update state if cancelled

– What is the current iOS update user behavior?

• iTunes or OTA


Vulnerability Usage

Outside the information security field…

People complaining because they didn’t want to update from iOS 6 to iOS 7 – Huge user interface (GUI) change they didn’t like

But their iOS device used +1Gb of space (e.g. 16Gb iPad) just to locally store the new iOS 7 update – New update is available

– Download update

– Install update

“Unwanted iOS 7 occupying space on iOS 6 devices”

Freeze the iOS device at iOS 6 and never get iOS 7


Vulnerability Exploitation

Freeze the version of a target device and wait for the next juicy iOS update fixing a critical flaw

Wait… that sounds like… goto fail;

– Speculation: Released on February 21, 2014 (although it is older)

• Without any public researcher recognition (Apple?)

– For iOS 7.0.6 & 6.1.6, but not for OS X Mavericks (10.9) – in a hurry?

– CVE-2014-1266 • Lack of proper certificate validation: DHE & ECDHE

• https://www.imperialviolet.org/2014/02/22/applebug.html

https://www.gotofail.com


Vulnerability Disclosure: History

Vulnerability discovered in early 2012 – +2 years (or +750 days or +…)

– Obtained a copy of the iOS software update file for 5.0 & 5.0.1 from other researchers (March 2012), but not the early doc update files

Vulnerability notified to Apple on February 6, 2014 – The "Month and a Day Rule" (“Yes We Can”)

E-mails – Feb 6: Standard Apple automated response confirming reception

– Feb 14: Apple asked for PoC for permanent disabling • Sent a detailed response clarifying the attack techniques

• “Thanks for the clarification.”

A victim iPad got a new update on March 1, 2014 – Last Saturday: “Apple has changed something on their servers!”

• Without sending any notification to the researcher…

• … and trying to break his demo at Rooted CON 2014


Vulnerability Disclosure: Today…


We don’t learn from the past!

Vulnerability Fix(es)

Why didn’t OTA SW updates use HTTPS by design? – Did Apple put too much trust in the IPSW integrity verification?

• Lack of verification of the update contents (e.g. evilgrade, 2010)

– Lack of verification of the update checks

• Differentiate between update checks and update contents

– httpS://mesu.apple.com & http://appldnld.apple.com

• Caching responses for sensitive checks is probably not a good idea

• Certificate pinning?

– Performance impact?

• Again, differentiate update checks from update contents

– Conspiracy theory or… another developer ‘mistake’

• Design, implementation, QA, security testing… (Apple?)

MDM solutions: Verify the latest version is applied
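As an added example for the MDM check (not code from the talk or from any MDM product), a Python routine that reads a constructed copy of the software-update manifest with plistlib and lists enrolled devices that are behind the latest OSVersion offered to their model; the manifest follows the Assets/Build/OSVersion/SigningKey structure shown on the slides, while the SupportedDevices key and the device inventory are assumptions.

```python
"""MDM-side check: is every enrolled device on the latest iOS that Apple's OTA
manifest (com_apple_MobileAsset_SoftwareUpdate.xml) offers for its model?

Constructed manifest following the structure on the slides (Assets array of
dicts with Build/OSVersion plus the AssetManifestSigning key); the
SupportedDevices key and the device inventory are assumptions.
"""
import plistlib

MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Assets</key>
  <array>
    <dict>
      <key>Build</key><string>11B554a</string>
      <key>OSVersion</key><string>7.0.4</string>
      <key>SupportedDevices</key>
      <array><string>iPad3,4</string><string>iPhone5,1</string></array>
    </dict>
    <dict>
      <key>Build</key><string>10B500</string>
      <key>OSVersion</key><string>6.1.6</string>
      <key>SupportedDevices</key>
      <array><string>iPhone2,1</string></array>
    </dict>
  </array>
  <key>SigningKey</key><string>AssetManifestSigning</string>
</dict>
</plist>
"""

# Constructed inventory as an MDM would report it: model identifier + installed iOS.
INVENTORY = [
    {"udid": "device-001", "model": "iPhone5,1", "os": "7.0.4"},
    {"udid": "device-002", "model": "iPad3,4", "os": "6.1.3"},    # stuck on iOS 6
    {"udid": "device-003", "model": "iPhone2,1", "os": "6.1.6"},  # 3GS: 6.1.6 is its last
]


def parse_version(text):
    """'7.0.4' -> (7, 0, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def latest_by_model(manifest_bytes=MANIFEST):
    """Map device model identifier -> highest OSVersion the manifest offers it."""
    latest = {}
    for asset in plistlib.loads(manifest_bytes)["Assets"]:
        version = asset["OSVersion"]
        for model in asset.get("SupportedDevices", []):
            if model not in latest or parse_version(version) > parse_version(latest[model]):
                latest[model] = version
    return latest


def stale_devices(inventory=INVENTORY, manifest_bytes=MANIFEST):
    """Return [(udid, installed, expected)] for devices behind the published version.

    A device that stays behind across several checks while its model has an
    update available is what an OTA update freeze looks like from the MDM side.
    """
    latest = latest_by_model(manifest_bytes)
    stale = []
    for device in inventory:
        expected = latest.get(device["model"])
        if expected and parse_version(device["os"]) < parse_version(expected):
            stale.append((device["udid"], device["os"], expected))
    return stale


if __name__ == "__main__":
    for udid, installed, expected in stale_devices():
        print(f"{udid}: running {installed}, latest offered is {expected}")
```

The MDM must obtain its own copy of the manifest over HTTPS (and verify its signature block) rather than reuse whatever the device saw, otherwise the same MitM that froze the device also hides it from this check.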


Real Vulnerability Impact (1/2)

How many people could I (or others knowing about this, e.g. NSA) have attacked using this ‘simple’ vulnerability? – During the last +2 years

– Considering all the potential victims available worldwide • Some of them very relevant and managing very sensitive information

– By freezing their device to an old & vulnerable iOS version… • Temporarily or permanently

– … in order to exploit other iOS vulnerabilities, such as… • 197 vulnerabilities fixed in iOS 6.0

• 80 vulnerabilities fixed in iOS 7.0

• Other critical vulnerabilities fixed in intermediate iOS 5.x, 6.x & 7.x versions

– More than 20 iOS lock screen bypass vulnerabilities between iOS 5.x-7.x

– Ending up with the last goto fail in iOS 7.0.6

• Including multiple jailbreaks available meanwhile (wait for the next one…)

– Silently, without the victim users noticing • And even with the option of stealthily reverting the attack back…


Real Vulnerability Impact (2/2)

Freezing iOS from iOS 6 to iOS 7… with one single exception, where the user might have noticed the lack of an iOS update


This is the world we live in… overly dependent on technology, highly sophisticated, but still immature and very vulnerable


Credits

Produced by: Raúl Siles
Directed by: Mónica Salas
Casting by: E & E
IPSW Assistant: Apple
iOS 5.0 & 5.0.1 files (March 2012): Jorge Ortiz, Jay Freeman (saurik), Jan Hindermann
Music by: Siletes
Costume Designer: camisetasfrikis.es


Questions?


www.dinosec.com @dinosec

Raúl Siles raul@dinosec.com @raulsiles