Slide 1
Contain Yourself: Building Mobile Secure Containers
Ron Gutierrez, Gotham Digital Science (GDS)

Slide 2
Outline

Slide 3
Outline
Slide 4
Bring Your Own Device (BYOD)
- Enterprises are embracing “Bring Your Own Device” (BYOD)
- Employees use personal devices to access company resources
- Unlike managed devices, device policies cannot be enforced
Slide 5
Why BYOD?
Slide 6
What are Secure Containers?
- Data storage protection performed at the application level
- Does not rely on OS security features being activated
- Allows security policies to be enforced at the application level
Slide 7
Commercial Solutions
(vendor logos) …and many more
Slide 8
Why Secure Containers?
- Orgs want employees to have convenient access to sensitive resources (email, documents, apps with sensitive data, etc.)
- Allows them to have control of their data on unmanaged devices
Slide 9
Why Secure Containers?
Unmanaged Devices
- Organizations cannot enforce:
  - Device is passcode protected (Data Protection)
  - Device Passcode Policies
  - Remote Wipes
  - Device is not Jailbroken
Data Protection (DP)
- Developers can opt-in to use DP APIs
- Must crack device passcode to access data
Slide 10
Outline
Slide 11
How Are Secure Containers Made?
Application Wrapping
- Functionality injected into existing applications
- Enforces security at the application level:
  - Data encryption at rest
  - Authentication
  - Policy enforcement
- No code changes required by developer
Slide 12
Application Wrapping
(diagram)
Slide 13
iOS App Wrapping Analysis
Citrix Cloud Gateway MDX Application Wrapping Analysis
- Tool accepts IPA files
- Application is re-signed using Distribution Certificate
- Outputs a new wrapped IPA file
- Let’s analyze the output
Slide 14
iOS App Wrapping Analysis
- Diffing a pre-wrapped and post-wrapped iOS binary with HexFiend
- View the address offset with the MachOView tool to see what was changed
- A LC_LOAD_DYLIB is added to the App’s Mach-O Load Commands
Slide 17
iOS App Wrapping Analysis
- Updates to the Code Signature of the Binary
Slide 18
iOS Method Swizzling
- Can modify implementations of iOS Objective-C methods
  http://cocoadev.com/wiki/MethodSwizzling
- Seen in Cydia applications: MobileSubstrate, Tweaks, Cycript
Slide 19
iOS App Life Cycle 101
(diagram of the app launch sequence)

Slide 20
iOS App Life Cycle 101
- Let’s swizzle here (annotation on the diagram)
Slide 21
Swizzle Early
- Static/Dynamic libraries can overwrite implementations upon startup
- Implement swizzling within the load method on Obj-C objects: +(void) load
  “Invoked whenever a class or category is added to the Objective-C runtime; implement this method to perform class-specific behavior upon loading.
  The load message is sent to classes and categories that are both dynamically loaded and statically linked, but only if the newly loaded class or category implements a method that can respond.”
  https://developer.apple.com/library/ios/documentation/Cocoa/Reference/Foundation/Classes/nsobject_Class/Reference/Reference.html#//apple_ref/occ/clm/NSObject/load
Slide 22
Objective-C Swizzling 101

    #import <objc/runtime.h>

    // Runs at load time (e.g. inside +load of a category shipped in the
    // container library), before the app delegate receives its launch message
    Method original, swizzled;
    // Class and method to be replaced: the app delegate's launch handler
    original = class_getInstanceMethod(class, @selector(application:didFinishLaunchingWithOptions:));
    // Class and method containing your new implementation
    swizzled = class_getInstanceMethod(self, @selector(swizzled_application:didFinishLaunchingWithOptions:));
    // Swap the two implementations in the runtime
    method_exchangeImplementations(original, swizzled);

Slide 23
Objective-C Swizzling 101 (same code)
- Specify class and method to be replaced

Slide 24
Objective-C Swizzling 101 (same code)
- Specify class and method containing your new implementation
Slide 25
DEMO: Method Swizzling
Contain Yourself: Building Mobile Secure Containers
(image caption: So I heard we are gonna get swizzled up in this piece?.. Nah mean?)
Slide 26
I Can Swizzle.. Now What?
- That was a simple POC on how to implement a secure container solution using a static library
- What now?
- An org-wide static library can solve the various common iOS security issues
- Apparently there is a market for these things as well
Slide 27
Outline

Slide 28
Principles To Live By
Slide 29
Broken By Design
- Storing crypto key on the device
- Crypto key derivation material stored on device
- Data storage not protected by app authentication passcode
- Authentication Designs
- Might as well start encrypting with ROT13+1, a @YOLOCrypto approved algorithm
- Essentially Security By Obscurity
Slide 30
Real World Example
- Mint - Financial Management Application
- Supports passcode protection
- Passcode is not used to protect any application data
- Susceptible to client-side bypass via Runtime Manipulation
- Let’s bypass it
Slide 31
Bypassing Mint Pin Screen
- Decrypt AppStore Binary using Clutch
- Run class-dump on the decrypted binary
  - Prints out class information from Mach-O files
- Identify some methods which might control the lock screen
(image caption: “Mach-O Man” Randy Savage)
Slide 32
Mint.app class-dump results snippet

    @interface GalaAppDelegate : NSObject <UIApplicationDelegate, WebServiceDelegate, UIAlertViewDelegate, BWQuincyManagerDelegate>
    {
    [..snip..]
    + (id)sharedController;
    [..snip..]
    - (void)logInWithUsername:(id)arg1 password:(id)arg2;
    - (void)logInUsingStoredMintToken;
    - (void)popAwayLogin;
    - (void)popUpFirstRunView;
    - (void)popUpWelcomeView;
    - (void)updateStatusString:(id)arg1;
    - (void)setStatusCode:(int)arg1;
    - (void)popAwayPasscode;
    - (void)popUpPasscode;
    [..snip..]
Slide 34
Analyze Function via Mobile Substrate
- Allows you to hook Obj-C methods on any app
- Uses similar approach as described earlier
- Requires jailbroken device
- I like to use Theos for quick and dirty hooking
  http://iphonedevwiki.net/index.php/Theos
- Goal is to identify when passcode related methods are called
Slide 35
Simple Theos Tweak to Identify When Calls Are Made

    %hook GalaAppDelegate

    - (void)popAwayLogin {
        %log;    // logs the method call (receiver and arguments) to the console
        %orig;   // calls the original implementation
    }

    - (void)popAwayPasscode {
        %log;
        %orig;
    }

    - (void)popUpPasscode {
        %log;
        %orig;
    }

    %end

    %ctor {
        NSLog(@"Application is now hooked by RG");
        %init;
    }

Slide 36
Simple Theos Tweak to Identify When Calls Are Made (same tweak, annotated)
- %log: Logs method call to console
- %orig: Calls original method
Slide 37
Demo: Using Cycript To Bypass Pincode
Contain Yourself: Building Mobile Secure Containers
Slide 38
Authentication Designs
- Things get trickier due to online and offline access
- Online only apps could store keys server-side
  - Key returned only after successfully authenticating
  - Must handle server-side key storage.. this may be a pain
- What about offline access?
  - App might need access to data even with no network access
Slide 39
Authentication Design For Online and Offline Support
(diagram)

Slide 40
Authentication Design For Online and Offline Support
(diagram)

Slide 41
Authentication Design For Online and Offline Support
- Used to encrypt container data

Slide 42
Authentication Design For Online and Offline Support
- Never persist keys

Slide 43
Authentication Design For Online and Offline Support
- Never persist keys
- Crypto is hard.. beware
Slide 44
Offline Authentication
Common Issues
- Stored data not encrypted using passphrase derived key
  - Causes offline authentication to be susceptible to bypass
- Weak Key Derivation Function used
  - PBKDF2 (minimum 4096 iterations) recommended
- Insufficient passphrase complexity enforcement
Slide 45
Weak Real World Example
- Password & Data Vault
- Password vault authentication uses bcrypt
- bcrypt is fairly resistant to offline brute force attacks
- But… how is the symmetric key generated?
Slide 46
Weak Real World Examples
Decompiled Android Code From Application

    public Encryption(String paramString) {
        byte[] arrayOfByte = new byte[16];
        arrayOfByte[0] = 0;
        [..snip..]
        arrayOfByte[15] = 0;          // all-zero, fixed IV
        [..snip..]
        try {
            // key is a single-iteration hash of the passphrase: no salt, no work factor
            this.key = new SecretKeySpec(this.sha1HashBytes, "AES");
            this.ips = new IvParameterSpec(arrayOfByte);
        [..snip..]

- Single iteration SHA256 hash of passphrase
Slide 47
Brute Force Time Comparisons

    Algorithm               Time (s)
    PBKDF2 (4096 iters)     317.647
    SHA256                    0.001
    SHA256 + AES Decrypt      0.080

- Merkle-Damgard hash functions and AES are fast
- Susceptible to offline brute forcing
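An added example (not from the slides, the vault app or GDS) that puts the vault's derivation next to the design the preceding slides recommend: the container key comes from salted PBKDF2-HMAC-SHA256 at or above the 4096-iteration floor, the device only stores salt, cost and a verifier tag, and the data key exists in memory only. MIN_PASSPHRASE_LEN and the HMAC label strings are assumptions of the example.

```python
import hashlib
import hmac
import os

MIN_ITERATIONS = 4096      # floor given on the slides; tune upward per device class
MIN_PASSPHRASE_LEN = 8     # assumed complexity policy for this example

def weak_derive(passphrase: str) -> bytes:
    """What the decompiled vault does: one unsalted hash of the passphrase.
    Same passphrase gives the same key everywhere, and a guess costs one hash."""
    return hashlib.sha256(passphrase.encode()).digest()

def derive_master(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Salted, deliberately slow derivation that enforces the iteration floor."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below the %d minimum" % MIN_ITERATIONS)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, 32)

def enroll(passphrase: str, iterations: int = MIN_ITERATIONS) -> dict:
    """Build the on-device record: salt, cost and a verifier tag only.
    Neither the master key nor the data key is ever persisted."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError("passphrase too short")
    salt = os.urandom(16)                       # fresh per enrollment
    master = derive_master(passphrase, salt, iterations)
    tag = hmac.new(master, b"verify", "sha256").digest()
    return {"salt": salt, "iterations": iterations, "tag": tag}

def unlock(passphrase: str, record: dict):
    """Offline unlock: re-derive from the passphrase, compare the tag in
    constant time, and return the data key (memory only) or None."""
    master = derive_master(passphrase, record["salt"], record["iterations"])
    tag = hmac.new(master, b"verify", "sha256").digest()
    if not hmac.compare_digest(tag, record["tag"]):
        return None
    # separate sub-key so the stored verifier tag never equals the data key
    return hmac.new(master, b"container-data", "sha256").digest()
```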
Slide 48
Outline
Slide 49
Completeness of Implementation
- The solution must not only consider the obvious APIs
- How about the subtle OS “features” that cache data?
  - NSHTTPCookieStorage on Persistent Cookies
  - NSURLRequest Caches
  - Document Interactions API
  - iOS Snapshots
  - Keyboard Caching
- How about Keychain Data?
- Are filenames also encrypted?
Slide 50
Good For Enterprise (GFE)
- iOS Document Interaction API used for handling documents
  - Save document into the GFE Container
  - Email document through corporate email within GFE
- Allows GFE to be used to open specific file types in iOS
Slide 51
Good For Enterprise (GFE)
- Open-in must bypass iOS Sandbox
- iOS System writes the file to the GFE App Container Documents/Inbox folder
- File is not protected by the GFE data encryption
- File persists unencrypted for an extended period
Slide 52
Client’s Custom Secure Container
- Missed wrapping calls to NSHTTPCookieStorage
- Apps store persistent cookies in plaintext: Library/Cookies/Cookies.binarycookies
- The cookie store is also not removed on data wipes
Slide 53
Outline
Slide 54
Remote Wipes
- The traditional iOS MDM remote wipes cannot be used
- Remote wipes must be triggered at app level
- iOS limitations allow apps to only enforce wipe while active
- Isn’t iOS 7 Supposed To Have Some New Background Features?
Slide 55
Remote Wipes in iOS 7
- iOS 7 added Background Modes Capability
  - Background fetch to poll for remote resets periodically
  - Requires wrapping to modify Info.plist file
  - Sounds promising, more research needed
- Remote Notifications
  - Not practical for application wrapping solutions
  - Requires: APNS Service Setup, Application specific APNS certificates
Slide 56
Client-side Policy Enforcement
- All client-side restrictions can be bypassed
- Pick your poison:
  - Intercept & modify policies as they are sent to the device
  - Modify policies while cached on the device
  - Runtime hooking of policy handling methods
- Perform checks server-side where possible
- Move critical pieces of code to low level code
  - Obj-C is easy to reverse.. make it harder for the bad guys
Slide 57
Jailbreak Detection
- Most of the exploits pointed out require a Jailbreak
- Preventing secure containers from running on a Jailbroken device goes a long way
- If you can’t bypass the Xcon Cydia app, epic fail
- Detection should be low-level and difficult to reverse
  http://appminder.nesolabs.de/
  Jailbreak Detection Generator in ASM + AntiDebugging
Slide 58
Thanks For Coming!
- Come visit the GDS & Send Safely Booth!
- Check out the GDS Blog for updates on this topic
- Slides and Code will be posted to the GDS Github page: https://github.com/GDSSecurity
Contact Info:
- email: rgutierrez@gdssecurity.com
- twitter: @rgutie01
- github: https://github.com/rongutierrez
Slide 59
Images
http://business.bt.com/it-support-and-security/bring-your-own-device/
http://media.desura.com/cache/images/members/1/404/403836/thumb_940x3000/370353317d04acc2b8df61a95d9b78f3.jpg
http://cache.boston.com/bonzai-fba/Globe_Photo/2012/05/21/mbta__1337592242_8154.JPG