[cryptography] Mobile Traffic Interception (SSL/TLS and VPN)

Jeffrey Walton noloader at gmail.com
Sun Sep 9 14:05:00 PDT 2012

Hi M.

> not sure what you meant by mobile
Anything wireless is in scope - Cellular radios, WiFi, Bluetooth, etc.
I'm really interested in mobile devices which spend most of their time
outside a logical security boundary of an organization.

> wifi/wimax environment is almost identical to wired networks on this issue
I agree that wireless suffers the same problems as wired. But I think
the surface area increased disproportionately. With landlines between
floors (or perhaps a leased line to/from a datacenter), I usually have
some sort of physical security.

In wireless, I don't have many of the assurances (how effective they
are in a wired environment is a different story). A bad guy could set
up a Wifi access point or base station, and my phone or tablet will
happily camp to it. Plus, phones and tablets often come pre-loaded
with certificates from OEMs and carriers (if they are burned into ROM,
I probably can't manage them). And there are the customary law
enforcement taps (x2 since both the wireless carriers and telcos
likely provide them). Finally, there's WAP which places the MitM by

> if somebody thinks SSL offers security ...
Verbum sapienti.

In short, I know the problems exist in the mobile arena, and I'm
looking for the published results.


On Sun, Sep 9, 2012 at 3:38 PM, Mh <mhtajik at gmail.com> wrote:
> not sure what you meant by mobile. wifi/wimax kind of mobile clients or
> 2g/3g/4g types? I am not aware of papers, but based on personal experiments
> the wifi/wimax environment is almost identical to wired networks on this
> issue, but Xg's and satellite networks have many different factors, including
> the strong country/region based regulations, vendor/operator related demands
> on customizing the application processor OS (assuming it is the one that
> handles SSL), and the update scenario and strategy based on operator or
> client choices, jailbreak related issues, etc. could have impacts on SSL
> security. I've got many cellphones in the lab that have vast differences in
> trusted authorities, how to handle CRL updates, offers of OTA, etc.
> Essentially, examining Xg's traffic, whether it is Voice, Signaling or Data
> (includes IP stuff like SSL), is by no means a friendly job. This is why
> projects like openbts are important. Two typical remote attacks are:
> 1. silent change in the OS by modifying updates, which could be done by
> hacking into the operator, which is, trust me, an easy job;
> 2. using a GSM-style active interception and impersonating the network as a
> whole, then proceeding with evil activities using tricks, phishing, bugs,
> enforced redirects to metasploit-like infected pages.
> Overall, if somebody thinks SSL offers security, and she wants to assess
> whether to use the first environment or the second, I'd suggest the 1st.
> Regards
> M.
> On [Z)X4YX(Y, X4YX1[YX1 [1[9, [1[3[9[1 at [2[3:[3[1, Jeffrey Walton
>> Hi All,
>> Is anyone aware of papers or studies on HTTPS traffic interception in
>> mobile networks?
>> I know Collin Mulliner did a study of HTTP headers and information
>> leakage in the past. I know we have Trustwave (and I'm not aware of
>> published results of Mozilla's subsequent actions) and the more
>> general problem of Public CA hierarchies. I am aware of products like
>> BlueCoat and Dr. Matt Green's Interception Proxies page. I believe
>> the EFF is aggregating data on SSL/TLS at the moment, but the data
>> will not be released for some time.
>> With HTML5 and WebSockets, I believe we can build a smarter client
>> that can detect interception based on pinning (either public key or
>> certificate). Is anyone aware of any tools for doing so (perhaps where
>> aggregated data is offered)?
cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
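
The pinning check raised in the original question (public key or certificate), as an added example that is not part of the thread or any participant's code: a client compares the certificate it is presented with against a stored certificate pin and a stored public-key pin. The function names, the base64 SHA-256 pin format and the `fake_cert` sample data are assumptions made here; the samples are constructed, cert-shaped DER, not real certificates.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, element_end) of the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + n

def spki_der(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)        # Certificate
    _, pos, _ = read_tlv(cert, pos)      # TBSCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version
        pos = end
    for _ in range(5):                   # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def pin(data):  # base64(SHA-256(data))
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def classify(cert, cert_pin, key_pin):
    """Compare a presented certificate with both stored pins."""
    if pin(cert) == cert_pin:
        return "certificate pin matches"
    if pin(spki_der(cert)) == key_pin:
        return "key pin matches (certificate reissued)"
    return "pin mismatch: possible interception"

# --- constructed sample data (assumption): cert-shaped DER, not real certificates ---
def tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def fake_cert(serial, key):
    spki = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(0x05, b""))
               + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") * 4 + spki)   # empty sigAlg, issuer, validity, subject
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

ORIGIN, REISSUED, PROXY = fake_cert(1, b"\x11" * 128), fake_cert(2, b"\x11" * 128), fake_cert(3, b"\x22" * 128)
CERT_PIN, KEY_PIN = pin(ORIGIN), pin(spki_der(ORIGIN))
```

A certificate pin breaks whenever the server's certificate is reissued, while a public-key pin survives reissue as long as the key pair is kept; a certificate minted by an interception proxy fails both.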
