Transcript of the slide deck "Mobile SSL Interception in the Wild" (Blog | In Security)
Mobile SSL Interception in the Wild
Where, how, and why?
Alban Diquet, Thomas Sileo (Data Theorem), BlueHat 2017

Agenda
• Data collection methodology
• Data set and analysis of forged SSL certificates
• Results of the analysis
• Conclusion
Data Collection Methodology
TrustKit
• Open-source library for SSL reporting and SSL pinning
• Released for iOS in 2015 and for Android earlier this year
• https://github.com/datatheorem/TrustKit
• Makes it easy to monitor and improve the security of the app’s network connections
SSL Pinning
• Hardcode in the app the SSL public key(s) expected to be used by the app's server(s)
• Example pin (base64-encoded SHA-256 hash of the key's SubjectPublicKeyInfo): lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=

SSL Reporting
• Send a report whenever an SSL error occurs
  • Default/OS SSL validation error: name mismatch, expired certificate, untrusted CA, etc.
  • TrustKit pinning validation error: pinned SSL key not found in the server's chain
[Diagram: App → Server]

SSL Reporting (example report)
{
  "app-bundle-id": "com.datatheorem.testtrustkit",
  "app-version": "1.2",
  "app-vendor-id": "599F9C00-92DC-4B5C-9464-7971F01F8370",
  "app-platform": "IOS",
  "trustkit-version": "1.5.3",
  "hostname": "www.datatheorem.com",
  "port": 443,
  "noted-hostname": "datatheorem.com",
  "include-subdomains": true,
  "enforce-pinning": true,
  "validated-certificate-chain": [
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----"
  ],
  "date-time": "2015-06-08T01:58:05Z",
  "known-pins": [
    "pin-sha256=\"rFjc3wG7lTZe43zeYTvPq8k4xdDEutCmIhI5dn4oCeE=\"",
    "pin-sha256=\"TQEtdMbmwFgYUifM4LDF+xgEtd0z69mPGmkp014d6ZY=\""
  ],
  "validation-result": 1
}
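The pin values in the report above are base64 SHA-256 hashes of each certificate's SubjectPublicKeyInfo. As an added illustration (not TrustKit's own code), the Python below extracts the SPKI from a DER certificate, derives the pin, and checks a validated chain against the report's known-pins format; the certificates it runs on are constructed, unsigned stand-ins that only copy a real certificate's field layout, since no actual keys appear on the page.

```python
import base64
import hashlib


def _read_tlv(buf, pos):
    """Decode one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def spki_from_der(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of a DER X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    tbsCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    _, pos, _ = _read_tlv(cert_der, 0)               # enter Certificate
    _, pos, tbs_end = _read_tlv(cert_der, pos)       # enter tbsCertificate
    tag, _, after_version = _read_tlv(cert_der, pos)
    if tag == 0xA0:                                  # explicit [0] version, if present
        pos = after_version
    for _ in range(5):                               # serial, sigAlg, issuer, validity, subject
        _, _, pos = _read_tlv(cert_der, pos)
    tag, _, spki_end = _read_tlv(cert_der, pos)
    if tag != 0x30 or spki_end > tbs_end:
        raise ValueError("malformed tbsCertificate")
    return cert_der[pos:spki_end]


def pin_from_der(cert_der):
    """TrustKit/HPKP-style pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_from_der(cert_der)).digest()).decode()


def validate_pins(chain_der, known_pins):
    """Pinning check over a validated chain (leaf first): at least one certificate's
    key must be pinned. known_pins use the report format pin-sha256="<base64>"."""
    wanted = {p.split("=", 1)[1].strip('"') for p in known_pins}
    chain_pins = [pin_from_der(c) for c in chain_der]
    return any(p in wanted for p in chain_pins), chain_pins


# --- constructed sample input: unsigned certificate stand-ins, not real keys ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _rsa_spki(modulus, exponent=65537):
    def integer(v):                                  # DER INTEGER, kept positive
        return _tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex("2a864886f70d010101")) + _tlv(0x05, b""))
    key = _tlv(0x30, integer(modulus) + integer(exponent))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + key))


def _fake_cert(spki):
    """Same field layout as a v3 certificate, with empty names and no real signature."""
    tbs = (_tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30, b"")
           + _tlv(0x30, b"") + _tlv(0x30, b"") + _tlv(0x30, b"") + spki)
    return _tlv(0x30, _tlv(0x30, tbs) + _tlv(0x30, b"") + _tlv(0x03, b"\x00"))


SERVER_SPKI = _rsa_spki((1 << 2047) + 12345)         # the app server's key (constructed)
PROXY_SPKI = _rsa_spki((1 << 2047) + 67890)          # an intercepting proxy's key (constructed)
SERVER_CERT = _fake_cert(SERVER_SPKI)
PROXY_CERT = _fake_cert(PROXY_SPKI)
KNOWN_PINS = [f'pin-sha256="{pin_from_der(SERVER_CERT)}"']   # what the app would hardcode


def demo():
    """Genuine chain passes; a forged chain carrying the proxy's key does not."""
    genuine_ok, _ = validate_pins([SERVER_CERT], KNOWN_PINS)
    forged_ok, _ = validate_pins([PROXY_CERT], KNOWN_PINS)
    return genuine_ok, forged_ok
```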
SSL Reporting
• TrustKit can be configured to send the reports to any domain
• Data Theorem hosts one for free that developers can leverage
  • Dashboard to see trends and inspect individual reports
  • Notifications for when something unexpected happens: suspicious actor, spike in reports, etc.

Demo
Data Set and Report Classification
The Data Set
• From nearly 2 000 different apps
  • Banking
  • Shopping
  • Music/streaming
  • News
Top Platform
• iOS 93.3%
• Android 5.3%
• macOS 1%
• tvOS 0.4%

The Data Set
Top Countries
• US 71%
• GB 9.5%
• TW 7.3%
• CA 1.8%
• HK 1.3%

The Data Set
• 3.3 million unique certificate chains
• 78% of the certificates matched the hostname
  • Actual interception attempts
Certificate chain depth
• 2: 62.2%
• 3: 24%
• 1: 11.4%
• 4: 1.8%
• 5: 0.5%
• 6: 0.001%

Report Classification
• Use different heuristics to try to find the root cause
• By looking at the content of the report, mainly the certificate chain
• Save some metadata along with the server date
• Contact the server for the hostname that was in the report, to fetch its “real” certificate chain
Report Classification
• Perform default SSL validation on the certificate chain
• Leverage a set of rules that can target:
• A specific certificate or a specific public key
• Any certificate fields (Common Name, etc.)
Report Classification (classifier ruleset)
dev_tools:
  PortSwigger:
    root:
      - 'PortSwigger CA'
  Fiddler:
    root:
      - 'DO_NOT_TRUST_FiddlerRoot'
  Charles Proxy:
    root:
      - !regexp '^Charles Proxy Custom Root Certificate \(built on .+\)$'
      - !regexp '^Charles Proxy CA \(.+\)$'
  mitmproxy:
    root:
      - 'mitmproxy'
[…]

Report Classification
raw report:
{
  "app-bundle-id": "com.datatheorem.corporate_proxy",
  "hostname": "www.datatheorem.com",
  "validated-certificate-chain": [
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----"
  ],
  "date-time": "2017-03-03T21:27:12Z",
  "validation-result": 1,
  "...": "…"
}
report metadata (the chain fetched from the real server; here it differs from the chain in the report):
{
  "…": […],
  "server_certificate_chain": [
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n[…]\n-----END CERTIFICATE-----"
  ],
  "received_at": "2017-03-03T21:27:25Z"
}
certificate chain info (parsed from the report's chain):
{ "certificate_chain_infos": [ {"issuer": {"common_name": "Fortigate CA", "…": […],

Report Classification
certificate chain info:
{ "certificate_chain_infos": [ {"issuer": {"common_name": "Fortigate CA", "…": […],
classifier ruleset:
corporate_appliance:
  Cisco Umbrella:
    url: 'https://umbrella.cisco.com/'
    root:
      - 'Cisco Umbrella Primary SubCA'
  […]
→ no rule matches this chain: flagged for manual review

Report Classification: corporate_appliance / Fortinet
Once a rule for the appliance is added to the ruleset, the same chain info is classified as corporate_appliance / Fortinet:
corporate_appliance:
  […]
  Fortinet:
    leaf:
      - !IssuerCommonName 'FortiGate CA'
  […]

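A worked version of the classification flow above, added here as an illustration and not Data Theorem's code: the ruleset from the slides expressed in Python (root Common Name rules, exact or regexp, and leaf issuer CN rules), followed by the comparison against the chain fetched from the real server that separates pin misconfigurations, expired certificates and client clock skew from unrecognised chains. The chain-info dict layout, the KEY-* pin placeholders and the one-day clock-skew threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Ruleset following the YAML in the slides (constructed here as Python). "root" entries
# match the root certificate's subject CN, exactly or via a compiled regexp (the slides'
# !regexp); "leaf_issuer" entries match the leaf's issuer CN (the slides' !IssuerCommonName).
RULESET = {
    "dev_tools": {
        "PortSwigger": {"root": ["PortSwigger CA"]},
        "Fiddler": {"root": ["DO_NOT_TRUST_FiddlerRoot"]},
        "Charles Proxy": {"root": [
            re.compile(r"^Charles Proxy Custom Root Certificate \(built on .+\)$"),
            re.compile(r"^Charles Proxy CA \(.+\)$"),
        ]},
        "mitmproxy": {"root": ["mitmproxy"]},
    },
    "corporate_appliance": {
        "Cisco Umbrella": {"root": ["Cisco Umbrella Primary SubCA"]},
        "Fortinet": {"leaf_issuer": ["FortiGate CA"]},
    },
}


def _match(pattern, cn):
    """Compiled regexps use search(); plain strings compare case-insensitively, since the
    slides show the rule as 'FortiGate CA' but the observed chain as 'Fortigate CA'."""
    if hasattr(pattern, "search"):
        return pattern.search(cn) is not None
    return pattern.lower() == cn.lower()


def match_ruleset(chain_infos):
    """chain_infos is leaf-first; return (category, actor) of the first matching rule."""
    leaf_issuer = chain_infos[0]["issuer"]["common_name"]
    root_subject = chain_infos[-1]["subject"]["common_name"]
    for category, actors in RULESET.items():
        for actor, rule in actors.items():
            if any(_match(p, root_subject) for p in rule.get("root", [])):
                return category, actor
            if any(_match(p, leaf_issuer) for p in rule.get("leaf_issuer", [])):
                return category, actor
    return None


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def classify(report, server_chain):
    """Return (category, detail) for one report. The report carries the fields seen in the
    slides (certificate_chain_infos, known-pins, device date-time, server received_at);
    server_chain is the chain fetched from the real server for the report's hostname."""
    chain = report["certificate_chain_infos"]
    hit = match_ruleset(chain)
    if hit:                                        # known dev tool or corporate appliance
        return hit
    device_keys = [c["spki_sha256"] for c in chain]
    server_keys = [c["spki_sha256"] for c in server_chain]
    if device_keys != server_keys:
        return "manual_review", "unrecognised chain differs from the server's"
    # The device saw the genuine chain, so the failure is not interception.
    skew = abs(_ts(report["date-time"]) - _ts(report["received_at"]))
    if skew > timedelta(days=1):                  # threshold is an assumption
        return "client_clock_misconfig", "device clock off by %s" % skew
    if _ts(chain[0]["not_after"]) < _ts(report["received_at"]):
        return "server_misconfig", "expired certificate"
    pinned = {p.split("=", 1)[1].strip('"') for p in report["known-pins"]}
    if not pinned & set(server_keys):
        return "pins_misconfig", "pinned keys absent from the server's chain"
    return "unknown", "genuine chain, root cause not identified"


# Constructed samples; KEY-* strings stand in for base64 SPKI SHA-256 pins.
def _cert(subject_cn, issuer_cn, key, not_after="2018-01-01T00:00:00Z"):
    return {"subject": {"common_name": subject_cn}, "issuer": {"common_name": issuer_cn},
            "spki_sha256": key, "not_after": not_after}


SERVER_CHAIN = [_cert("www.datatheorem.com", "Sample Intermediate CA", "KEY-LEAF"),
                _cert("Sample Intermediate CA", "Sample Root CA", "KEY-INT"),
                _cert("Sample Root CA", "Sample Root CA", "KEY-ROOT")]


def _report(chain, pins=('pin-sha256="KEY-INT"',), device_time="2017-03-03T21:27:12Z"):
    return {"certificate_chain_infos": chain, "known-pins": list(pins),
            "date-time": device_time, "received_at": "2017-03-03T21:27:25Z"}


CHARLES_CN = "Charles Proxy CA (3 Mar 2017, dev-laptop)"
SAMPLE_REPORTS = {
    "fortinet": _report([_cert("www.datatheorem.com", "Fortigate CA", "KEY-FORGED-1"),
                         _cert("Fortigate CA", "Fortigate CA", "KEY-FG")]),
    "charles": _report([_cert("www.datatheorem.com", CHARLES_CN, "KEY-FORGED-2"),
                        _cert(CHARLES_CN, CHARLES_CN, "KEY-CP")]),
    "stale_pins": _report(SERVER_CHAIN, pins=('pin-sha256="KEY-OLD"',)),
    "bad_clock": _report(SERVER_CHAIN, device_time="2015-06-08T01:58:05Z"),
    "unknown_root": _report([_cert("www.datatheorem.com", "Some Other CA", "KEY-FORGED-3"),
                             _cert("Some Other CA", "Some Other CA", "KEY-OTHER")]),
}


def classify_all():
    return {name: classify(r, SERVER_CHAIN) for name, r in SAMPLE_REPORTS.items()}
```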
Results of the Analysis
Classification Categories
9 195 807 reports
• Spyware 39%
• Pins Misconfig 34%
• Captive Portals 11%
• Not Reviewed Yet 6%
• Server Misconfig 4.3%
• Unknown 2.5%
• Corp Networks 2.2%
• Client Clock Misconfig 0.5%
• Dev Artifacts 0.5%

Non-MITM Categories (9 195 807 reports)
• Captive Portals 11%
• Not Reviewed Yet 6%
• Server Misconfig 4.3%
• Unknown 2.5%
• Client Clock Misconfig 0.5%

Server Misconfiguration
• Category for servers with expired SSL certificates
• Huge spike of reports when a certificate deployed in production expired:

Previous Work
• Data from Chrome desktop for google.com:
MITM Categories (9 195 807 reports)
• Spyware 39%
• Pins Misconfig 34%
• Corp Networks 2.2%
• Dev Artifacts 0.5%

MITM Categories: Dev Artifacts 0.5%
Development Proxies

MITM Categories: Corp Networks 2.2%
Corporate Networks

Corporate Networks: Middlebox Downgrade
• For servers with a 2048-bit RSA certificate, what is the key size of the middlebox's certificate?
158 375 reports
• 2048-bit 68%
• 1024-bit 29%
• 2432-bit 1.9%
• 4096-bit 1.1%
• 512-bit 0.14%
• 29% of reports showed a downgrade to RSA 1024 or less
• TLS 1.3: big debate around encryption vs. inspection

MITM Categories: Pins Misconfig 34%

Pins Misconfiguration
• The SSL pins hardcoded in the app do not match the server's "real" certificate chain!
• With enforce-pinning disabled:
  • The app still works but is constantly sending reports
• With enforce-pinning enabled:
  • The app's connections will always fail

Pins Misconfiguration
• 22% of apps with misconfigured SSL pins
• Pressure on mobile developers to implement SSL pinning in their apps
  • From security teams, bug bounties, etc.
  • But most apps do not need it
• Significant logistical overhead to keep the pins in the app in sync with the server SSL keys

Pins Misconfiguration
“Several thousands of customers of small and medium-sized businesses, operating mostly in the UK market, will not be able to perform any transactions from 8.30 a.m. 25/11/16 on a "Black Friday" and during the holiday shopping period. This will affect hundreds of thousands of customers' transactions, until the application is updated, and then released again.”

MITM Categories: Spyware 39%

Spyware Categories
• Market Intelligence: 3 580 078 reports
  • MobileXpression 91%
  • Digital Reflection 4%
  • Verto Analytics 3.3%
  • Luth 1.4%
  • AnalyzeMe 0.3%
• Ad Blocker: 18 463 reports
• Parental Control: 10 820 reports

Spyware - Market Intel
• Mainly investigated MobileXpression and Digital Reflection
  • Common Name of the intercepting root/CA certificate
• Large number of reports across ~20 000 devices
• Only seen on iOS devices

MobileXpression
Demo

What Happened?
• A configuration profile was installed on the device
  • With an always-on VPN config
    • To route all traffic through the MobileXpression server
  • With a custom root CA added to the device's trust store
    • To allow traffic decryption by the MobileXpression server
[Diagram: App → MobileXpression VPN → Server]

MobileXpression?
“MobileXpression is a service of comScore, Inc., a global leader in measuring the digital world, providing insights into consumer behavior and attitudes.”

ComScore
• Owner of several “market research” apps
  • MobileXpression, Digital Reflection
• Promise users rewards (gift cards, etc.) for installing the app and configuration profile

ComScore
“This capability is based on a massive, global cross-section of approximately 2 million consumers, who have allowed comScore to collect their online browsing, hardware and application usage, and purchasing behavior.”

ComScore
• Inspect/decrypt all the users' traffic to measure app usage
• ComScore's business model as a "measurement company"

Spyware - Market Intel
• Configuration profiles are problematic
  • Highly technical security warnings when installing the profile
  • The profile/VPN does not get uninstalled when removing the app
    • Makes sense from a technical perspective but will confuse users
• But not an easy issue to fix
  • Corporate enrollment / MDM use case
  • A profile can be installed directly via Safari
    • Banning the spyware app from the store does not prevent it

Spyware Categories
Market Intelligence3 580 078 reports
Ad Blocker18 463 reports
Parental Control10 820 reports
Page 68
Spyware Categories
Market Intelligence: 3 580 078 reports
Parental Control: 10 820 reports
Ad Blocker: 18 463 reports
Ad Blocker breakdown: Defend My WiFi 59%, AdBl0ck 34%, AdGuard 7%
Page 69
Spyware - Ad Blocker
• Similar technical implementation with a VPN and custom CA
• Defend My WiFi
• “Automatically turns public Wi-Fi into safe and secure private WiFi”
• Company does not exist anymore?
• Adblock Mobile
• iOS 8: SSL mitm on ad domains only
• iOS 9+: No more custom CA installed
Page 70
Spyware Categories
Market Intelligence: 3 580 078 reports
Ad Blocker: 18 463 reports
Parental Control: 10 820 reports
Page 71
Spyware Categories
Market Intelligence: 3 580 078 reports
Ad Blocker: 18 463 reports
Parental Control: 10 820 reports
Parental Control breakdown: Qustodio 74%, Accountable2You 24%, Circle Go 2%
Page 72
Spyware - Parental Control
• Qustodio, Accountable2You, Circle Go
• Parental control/monitoring tools
Page 73
Conclusion
Page 74
What did we see?
• Traffic interception does happen, and for many reasons
• It has an impact on the security of the connection
• Usually not malicious
• Employers
• Users “willingly” sharing their data for a reward
• No visible move from Apple and Google on this
Page 75
What do we do?
• Which group does your app belong to?
• It is acceptable to expose the user’s data to “lawful interception” (such as the user’s employer)
• Games, Business apps
• The user’s data is private and can never be exposed
• Mobile banking
• Can be technically enforced via SSL pinning
Page 76
What do we do?
• More options on mobile compared to the web
• SSL reporting can help understand what is happening across your user base
• SSL pinning can be used for sensitive apps
• Does not prevent reverse-engineering of your app
• Significant burden and risk of catastrophic failure
• Must be decided and planned carefully
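The two slides above contrast report-only SSL reporting with enforced pinning and warn about the risk of catastrophic failure. The Python below is an added example, not code from the talk or from TrustKit; it models the decisions a pinning layer has to make so that an unexpected trust anchor is detected and reported, while a rotated or expired key cannot turn into an outage. The policy shape (pins, enforce flag, subdomain scope, expiration date, report URI), the hostnames, the report URI and the SubjectPublicKeyInfo blobs are all constructed for illustration; only the pin format (base64 of SHA-256 over the SPKI DER) is the standard one.

```python
"""Pinning policy evaluation with reporting and an expiry escape hatch.

Added example, not TrustKit's own code. All keys, hostnames and policy
fields below are constructed for illustration.
"""
import base64
import hashlib
from datetime import date
from typing import Optional


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin: base64 of SHA-256 over the SubjectPublicKeyInfo DER."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed stand-ins for SubjectPublicKeyInfo blobs (not real keys).
SERVER_KEY = b"constructed-spki: api.example.com current key"
BACKUP_KEY = b"constructed-spki: api.example.com backup key (kept offline)"
PUBLIC_CA_KEY = b"constructed-spki: some public root CA"
PROXY_KEY = b"constructed-spki: interception proxy's custom CA"

# Hypothetical policy: one enforced domain and one report-only domain.
POLICY = {
    "api.example.com": {
        "include_subdomains": True,
        "enforce": True,                        # block the connection on mismatch
        "expiration_date": date(2018, 12, 31),  # pinning switches itself off afterwards
        "pins": [spki_pin(SERVER_KEY), spki_pin(BACKUP_KEY)],
        "report_uri": "https://reports.example.com/pins",  # hypothetical endpoint
    },
    "www.example.com": {
        "include_subdomains": False,
        "enforce": False,                       # report-only: learn before you block
        "expiration_date": None,
        "pins": [spki_pin(SERVER_KEY), spki_pin(BACKUP_KEY)],
        "report_uri": "https://reports.example.com/pins",
    },
}


def validate_policy(policy: dict) -> None:
    """Refuse a policy that can brick the app: every domain needs a backup pin."""
    for domain, entry in policy.items():
        if len(set(entry["pins"])) < 2:
            raise ValueError(f"{domain}: at least two pins (one backup) are required")


def find_policy(hostname: str, policy: dict) -> Optional[dict]:
    """Exact match first, then the most specific include_subdomains entry covering the host."""
    if hostname in policy:
        return policy[hostname]
    candidates = [
        d for d, e in policy.items()
        if e["include_subdomains"] and hostname.endswith("." + d)
    ]
    if not candidates:
        return None
    return policy[max(candidates, key=len)]


def evaluate(hostname: str, chain_spkis: list, policy: dict, today: date) -> dict:
    """Decide allow / report / block for one connection.

    chain_spkis holds the SubjectPublicKeyInfo blobs (leaf first) of a chain that
    already passed ordinary OS certificate validation. A pin matches if any
    certificate in that chain carries a pinned key.
    """
    entry = find_policy(hostname, policy)
    if entry is None:
        return {"decision": "allow", "reason": "no_policy", "report": None}
    if entry["expiration_date"] is not None and today > entry["expiration_date"]:
        return {"decision": "allow", "reason": "policy_expired", "report": None}

    observed = [spki_pin(spki) for spki in chain_spkis]
    if any(pin in entry["pins"] for pin in observed):
        return {"decision": "allow", "reason": "pin_matched", "report": None}

    # Pin mismatch: the OS trusted this chain, so a trust anchor we did not expect
    # (corporate proxy, VPN app's custom CA, ...) signed it. Report it either way.
    report = {
        "hostname": hostname,
        "report_uri": entry["report_uri"],
        "known_pins": entry["pins"],
        "observed_pins": observed,
        "enforced": entry["enforce"],
        "date": today.isoformat(),
    }
    decision = "block" if entry["enforce"] else "report"
    return {"decision": decision, "reason": "pin_mismatch", "report": report}


if __name__ == "__main__":
    validate_policy(POLICY)
    today = date(2017, 11, 8)  # constructed date
    print(evaluate("api.example.com", [SERVER_KEY, PUBLIC_CA_KEY], POLICY, today)["decision"])
    print(evaluate("api.example.com", [b"forged leaf", PROXY_KEY], POLICY, today)["decision"])
```

The report-only entry is how SSL reporting works in practice: ship with `enforce` off, collect mismatch reports from the user base, and only turn enforcement on once the reports show which interception is expected (employers, parental-control tools) and the backup pin and expiration date are in place.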
Page 77
Thanks!
@nabla_c0d3 @trucsdedev
Page 78
Questions?
@nabla_c0d3 @trucsdedev