An Analysis of Android SSL (In)Security Why Eve & Mallory Love Android.

An Analysis of Android SSL (In)Security

Why Eve & Mallory Love Android

Android AppsAndroid is the most used

Smartphone OS in the world with 48% market share

Over 400,000 apps in the Google Play Market

Android apps have been installed over 10 billion times

Apps process a lot of privacy-related user data and have valid reasons to transmit it over the internet

ProblemApps are not forced to use SSLApps are allowed to customize SSL so many Android apps use SSL incorrectly and are vulnerable to MITM attacks

User has no idea when Android uses SSL

Users are misinformed about the security of the connection or misinterpret warning signs

Able to inject virus code into an antivirus app to disable virus detection and detect arbitrary apps as a virus.

Able to capture credentials from American Express, Paypal, various bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, etc

Secure Sockets Layer (SSL)Used to establish a secure connection

between a client and server.Client receives a X.509 certificate

containing the server’s public key that is signed by a certificate authority.

Client should validate certificate but this is not yet required by the SSL and X.509 standards.

SSL Validation ChecksDoes the subject (CN) of the certificate

match the client’s desired destination?Is it a trusted Certificate Authority (CA)?Is the signature correct?Has the certificate expired?Has the certificate been revoked?

Check Certificate Revocation Lists (CRLs)?

Use Online Certificate Status Protocol (OCSP)?

SSL Misuses in AndroidTrusting all certificates

Disregards the signer of the certificate and the subject

Allowing all hostnamesDoes not check if certificate was issued

for a given addressTrusting many Certificate Authorities

Attacks on CAs in 2011 makes trusting 134 root authorities questionable

Mixed-Mode / No SSLCan mix secure with insecure connections

or use no SSL

Man-in-the-Middle AttacksMITMA: an attacker can intercept messages

between conversation partnersPassive (eavesdropping) vs. active (tampering)

Mixed-Mode/No SSL allows for passive MITMA by eavesdropping on non-protected communication or allowing for SSL stripping

SSL stripping avoids SSL by replacing https:// with http://Can occur if a browsing session begins using

HTTP and switches to HTTPS via a link or a redirect.

Evaluating Android SSL UsageBuilt MalloDroid to perform static code analysis

on 13,500 free apps from Google’s Play MarketPermissions

Request INTERNET and other privacy related permissions

Network API callsHTTP transport and Non-HTTP (direct socket connections)

HTTP vs. HTTPSHTTP only, mixed-mode (HTTP and HTTPS), or HTTPS only

HTTPS availableAble to establish a secure connection to the HTTP urls?

Deployed certificatesEvaluates SSL certificates of hosts referenced in apps

SSL Validation

Android SSL UsageHTTP vs. HTTPS

74% could have used HTTPS instead of HTTP46% mixed-mode, 43% HTTP only, 0.8% HTTPS

onlyDeployed SSL Certificates

17.3% bypass effective SSL verification by accepting all certificates or all hostnames for a from a trusted CA

Many apps include HTTPS URLs for hosts that have certificates that are either expired, self-signed, have mismatching CNs (site’s common name) or are signed by non-default-trusted CAs.

MITMA: Trusting All Certificates51% use the INTERNET permission in

addition to permissions to access privacy related information

Trusting all certificatesAttack: MITMA proxy with self-signed

certificateOver half of the banking apps tested

leaked login credentials, affecting an install base of 100,000 – half a million users

Windows Live Messenger service app with 10-50 million users leaks login credentials for email, messaging, or SkyDrive cloud storage

MITMA: Trusting All HostnamesAttack: Cert for an unrelated domain signed

by startSSLApps, including one used by 82% of Fortune

500 companies, leaked credentials for sensitive data

Antivirus app updated virus signatures via broken SSLInstall base of 500,000 – 1 million usersTrusted that connection was secure and

did no further validationAble to send empty signature database

that was accepted without informing the user

Able to create a virus signature for the antivirus which caused it to recognize itself as a virus and delete itself

Overcoming MITMASSL stripping

Used to go to secure login page from insecure landing page

Apps with 1.5 million - 6 million installs leak login credentials for Yahoo, Facebook, and Google

Overcome by forcing HTTPSLazy SSL

Poor SSL validationOvercome with SSL pinning

A custom list of trusted CAs or a custom list of specific certificates

Feedback to UsersApps don’t always display visual feedback

about whether the communication is secure.Email clients did login and registration in

SSL, but sending and receiving mail defaulted to HTTP without alerting the user.

Apps indicate that the connection is secure but are vulnerableMITMA when they fail to establish an SSL

connection or do SSL validationReplay attack when the logins are

encrypted but not freshApps that did prevent MITMA failed and

gave confusing error messages

Countermeasures: OS SolutionsEnforced certificate checking

Disallow custom SSL handling by forcing users to use standard Android API implementation

HTTPS everywhereIntegrated into communication APIs to prevent SSL stripping

Improved permissions and policiesSeparate permissions for SSL and PLAIN so apps can specifyPolicies like GSM_ONLY, NO_OPEN_WIFI,

TRUSTED_NETWORKS to prevent MITMAVisual security feedback

Properly inform users about connection type and security status.

MalloDroid installation protectionIntegrated into app installers to warn user of unsafe apps

Countermeasures: Other SolutionsApp Market Solutions

MalloDroid could be integrated into app market

Automatically checks appsCould prevent apps from entering market

or display the warnings in the app description

Standalone Solution: The MalloDroid App and ServiceEasily deployedAllows user to perform checks on apps

before install

ConclusionGoogle apps handle a lot of personal information for

a lot of different peopleUsers wrongly assume, or are incorrectly informed,

that they are transmitting your securely when apps are not required to use SSL

Apps are vulnerable to MITMA by failing to correctly validate the SSL certificates or by mixing HTTP with HTTPS

Instead of allowing for SSL customization, proper certificate validation should be enforced, HTTPS should be used everywhere, and permissions and policies should be separated so that apps can better protect users’ data.

Users should be better informed about how secure the connection is.