i s - dinosec · · 2014-06-242014 © dino security s.l. ... –similar to common law sentences...

2014 © Dino Security S.L.

All rights reserved. Todos los derechos reservados.

w w w . d i n o s e c . c o m

@ d i n o s e c

Raúl Siles

[email protected]

@raulsiles

@dinosec

June 3, 2014

i S


Outline

• Vulnerability research and markets

• Apple & iOS: State of the art

– iPhone/iPad in business

– SSA

• Can we manipulate the iOS update process?

• Vulnerability details: iOS 5, 6, 7…

– Attacks

• Conclusions

• Credits


Vulnerability Research & Markets

Insider View


Vulnerability Markets

• How security vulnerability information is managed and traded today?

– Importance of (vuln) information systems for modern economy and society

• Who is going to potentially buy your cyber weapon?

– Closed privileged groups

• Black market: cyber criminals

• Public markets: private security companies, governments, brokers…

– E.g. Subscription fees for 25 zero-days per year: USD $2.5 million

– What is it going to be used for?

• Compromise all vuln systems w/o people ever having knowledge of the threat

– Vulns remain private for an average of 151 days (+100 exploits per year)

– Real risk exposure: Assume you are already compromised

• NSSLabs – “The Known Unknowns” (Dec 5, 2013)

– “International Vulnerability Purchase Program” (Dec 17, 2013)

https://www.nsslabs.com/reports/known-unknowns-0 https://www.nsslabs.com/reports/ivpp


Disclosure Options

‘Responsible’ disclosure

• Do nothing

– Assuming it is the best way to serve the community

• Coordinated disclosure (vendor)

– Information about vulnerabilities is a valuable asset

• Security researchers require compensation for time spent

• Full disclosure

– Motivate vendors to act

• Sell it

– Bug bounty (vendor)

– Broker or directly to third-parties


Vulnerability Research

• For previous vulnerability research I followed…

– Responsible and coordinated disclosure with vendors

– But it was time to research the current vulnerability markets

• Vulnerability was accepted and published in one of the vulnerability purchase programs

• No real interest out of RCE, LPE and information disclosure (memory addresses)

• Vulnerability discovered in early 2012 (+2.5 years)

– Keeping it private (as far as I know) and verifying it is still not public and valid

requires lot of effort (specially over long periods of time)

– Remained private until March 2014 (at RootedCON)

• What happens in Madrid stays in Madrid

– … and June 2014 at Area41: “First anniversary!”

• What if someone finds it meanwhile… or the vendor fixes it?

– For how long a not very complex vulnerability can remain undisclosed?

– Value of modern vulnerabilities and exploits is based on who knows about them

• How to provide details without disclosing too much?


Vulnerability Research & Disclosure

• We know vendors do not always take relevant issues seriously…

– "Why iOS (Android…) Fail inexplicably". Raul Siles. Rooted CON 2013

• “When should a researcher initially notify a vendor with no serious

bug bounty before releasing an undisclosed vulnerability in a

security conference?” (Community disclosure?)

– It depends: vendor, bug, researcher, follow-ups… (“negotiate”)

• Complexity, criticality, scope…

• Evolution of security business landscape

– Vulnerability disclosure policies are like assh*les…

• …everyone has one!

• The "Month and a Day Rule" (DinoSec 2014)

– Similar to common law sentences

– Vulnerability notified to Apple on February 6, 2014 (1m + 1d)


Apple & iOS: State of the Art


iPhone/iPad in Business (1/2)

• Your business or Apple business model?

– Hardware, software, services & contents

• App Store & iTunes

• Apple Q1 2014 financial results

– Sales (quarter): 51M iPhones & 26M iPads

– Revenue: $57.6 billion

• $4.4 billion on iTunes/Software/Service

– Net quarterly profit: $13.1 billion

– 65 billion in apps cumulative ($15 billion to developers)

• 1 million apps cumulative in 24 categories

https://www.apple.com/pr/library/2014/01/27Apple-Reports-

First-Quarter-Results.html


iPhone/iPad in Business (2/2)

• iOS design, features, and architecture

– https://www.apple.com/iphone/business/it/

– https://www.apple.com/ipad/business/it/

• iOS security model (Feb’14)

– Updates: System Software Authorization

https://www.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf


System Software Authorization (1/2)

• To prevent devices from being downgraded

– Older versions lack the latest security updates

• “An attacker who gains possession of a device could install

an older version of iOS and exploit a vulnerability that’s been

fixed in the newer version”

• Jailbreak?

• iTunes or wirelessly over the air (OTA)

– Full copy of iOS or only the components required

• Connects to Apple’s installation authorization server – Crypto measurements for each part of installation bundle (LLB,

iBoot, kernel & OS image), nonce & ECID (device unique ID)


System Software Authorization (2/2)

• Authorization server checks measurements

against versions permitted by Apple

– Allows only latest version for each device model

• Narrow signing window (~24h)

– Apple signs measurements, nonce and ECID

• Per device (ECID) and per restore (nonce)

• Every firmware installation is remotely verified

(signed) by Apple during every restore or upgrade

– Started with iPhone 3G[S] & iOS 3 (using ECID only)

• "Verifying restore with Apple...“

– iTunes “personalizes” the firmware file (ECID…): SHSH


Apple iOS Downgrade (1/3)

• SHSH blobs and APTickets – Signature HaSH (SHSH blobs) and nonce (APTicket)

• Cydia (saurik) & redsn0w (Musclenerd) & iFaith (iH8sn0w)

• TSS Center (Cydia), redsn0w,TU, iFaith…

– MitM (& cache) signature server: gs.apple.com

• Source: http://svn.saurik.com/repos/menes/trunk/cysts/

– The verifier was the Tatsu Signing Server (TSS)

• Spidercab (Apple internal equivalent), running at ‘tatsu-tss-

internal.apple.com’ (Apple VPN), is used to sign old versions...

http://www.saurik.com/id/12 (iOS 3.x) http://www.saurik.com/id/15 (iOS 6.x)



• SHSH blobs (SHA-1 hashes ;160-bit digests) – iPhone Software (IPSW) file (ZIP file)

• Build manifest: BuildManifest.plist

– List of files and their content (+ Apple integrity signature) digests

• “Personalization” process

– Build manifest TSS request Apple SHSH blobs

Replace files signature section with SHSH blobs

• APTickets – Introduced with iOS 5.x

– Block of data with digest for all files used during boot • No IPSW file “personalization” any more (APTicket)

• Contains a “nonce” (anti-replay mechanism - uncacheable)



• Caching the uncacheable – Restore to very old iOS versions (no APTicket)

– Downgrade tricks history

• http://www.jailbreakqa.com/faq#32763 …

– Exploits for reusing APTickets

• No way to downgrade from iOS 6.x to older versions on

newer devices (as of April 2013) – Eligible older devices

• iPhone 4 & 3G[S], iPad, and iPod Touch 4th (A4 processor)

– limera1n BootROM exploit (redsn0w can dump TSS info from device)

• iPad2

– Go from iOS 5 (or 6) to iOS 4 (no APTicket) and back to iOS 5

• iPad 2, 3 & iPhone 4s: From iOS 5 to any other iOS 5 version

Requirement: TSS information previously saved


http://iossupportmatrix.com


Can We Manipulate the iOS Update

Process?

Without a new BootROM exploit


Relevant iOS 5 Change

• Over the Air (OTA)

– iOS software updates

• Settings - General - Software Update

– iTunes data sync & backup over Wi-Fi

• iTunes 10.5+

– Options – Sync with this iPhone over Wi-Fi

– iCloud backup

• Settings - iCloud - Storage & Backup

Apple fans behavior change: Getting rid of the USB cables


iOS OTA Update Process

• HTTP (vs. HTTPS)

– iOS software (IPSW) integrity verification

– Software update server: http://mesu.apple.com

• Automatically used by iOS…

– … or manually launched by the user

• Settings - General - Software Update

• iOS software update (plist) file (XML format)

– References (URLs) to all the current iOS version files

http://appldnld.apple.com


Main iOS SW Update Files

• iOS software update (plist) file – http://mesu.apple.com/assets/

com_apple_MobileAsset_SoftwareUpdate/

com_apple_MobileAsset_SoftwareUpdate.xml

• iOS software update documentation (plist) file – http://mesu.apple.com/assets/

com_apple_MobileAsset_SoftwareUpdateDocumentation/

com_apple_MobileAsset_SoftwareUpdateDocumentation.xml

• iOS 5.0 (GM) was not offered via OTA

– iOS 5.0 betas (4-7) & 5.1 beta 2 were offered via OTA

– iOS 5.0.1 was the first public OTA version


iOS 5.x & 6.x


iOS 5 & 6: HEAD Request

HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/

com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1

Host: mesu.apple.com

User-Agent: MobileAsset/1.0

Connection: close

Content-Length: 0

HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/



User-Agent: $%7BPRODUCT_NAME%7D/1 CFNetwork/548.0.4

Darwin/11.0.0

Content-Length: 0

Connection: close


iOS 5 & 6: HEAD Response

HTTP/1.1 200 OK

Server: Apache

ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"

Content-MD5: oNVyoddHvxLCsQeRblBskw==

Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT

Accept-Ranges: bytes

Content-Length: 283956

Content-Type: application/xml

Date: Mon, 20 Jan 2014 11:02:00 GMT

Connection: close

If it contains a date greater than

the date from the last update, it

will ask for the new content:

GET.


iOS 5 & 6: GET Req & Resp

GET /assets/com_apple_MobileAsset_SoftwareUpdate/



Connection: close


HTTP/1.1 200 OK

Server: Apache

ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"






Date: Mon, 20 Jan 2014 11:02:00 GMT

Connection: keep-alive

...


iOS 5 & 6: GET Req & Resp

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"

"http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Assets</key>

<array>

<dict>

<key>Build</key>

...

<key>OSVersion</key>

<string>7.0.4</string>

...

<key>Certificate</key>

<data>

MIID...YSoiag78twmDRk726aYmxNIfYYpDs0hS7Mw==

</data>

<key>Signature</key>

<data>

LyfS...pvlWlONSzNYx9qZdS6B7Fs6JgHqw9DA1d2w==

</data>

<key>SigningKey</key>

<string>AssetManifestSigning</string>

</dict>

</plist> Same behavior with the iOS SW update documentation file


Last-Modified: Date

Can we manipulate the iOS update process?


StarWars or Matrix?


• Man in the Middle (MitM) attacks

– E.g. Wi-Fi network impersonation attacks • http://www.dinosec.com/docs/RootedCON2013_Taddong_

RaulSiles-WiFi.pdf

• http://vimeo.com/70718776

• iProxy: MitM Python tool – Twisted (https://twistedmatrix.com)

• Event-driven networking engine (e.g. sslstrip)

– Implements both StarWars and Matrix attacks

• Multiple and flexible options

Vulnerability Exploitation


“These aren’t the updates you’re looking for”


StarWars Attack

• Block and/or drop the HEAD request (timeout)

– Fail: It sends a GET request

– Block and/or drop the GET request (timeout)

• Fail: Error message

– When the user manually checks for updates

– “Unable To Check for Update”

• Change the “Last-Modified” header of the HEAD

response to the past

– “These aren’t the updates you’re looking for”

DEMO


“This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Appleland and I show you how deep the update-hole goes.”


Matrix Attack

• Change the “Last-Modify” header of the HEAD

response to the future

– Forcing a GET request

• Change the contents of the GET response

– Fail: The response contents are signed

– Replay attacks?

• Change the “Last-Modify” header of the GET

response to the future & provide a previous file

– “You’re inside the Matrix”

• No more updates up to that future date

DEMO


iOS Software Update Files Repo


iCamasu

• iCamasu

– iOS com_apple_MobileAsset_SoftwareUpdate

• Python-based tool to parse and extract details

from Apple iOS software update PLIST files

– com_apple_MobileAsset_SoftwareUpdate.xml

• Version 0.41 (~ Area41)

– Multiple parsing options…

• Min & Max iOS versions, several summaries, search by iOS

version, search by Apple device, full details…

http://www.dinosec.com/en/lab.html#iCamasu

Released today!

$ ./iCamasu.py

com_apple_MobileAsset_SoftwareUpdate.xml (SHA-1:b21edffaf1b62d0d911a0974f15e54d111127162)

= 396870 bytes, 260 assets, 37 devices, 5 versions, min: 5.1.1, max: 7.1.1


iOS 7.x


iOS 7: GET Request

GET /assets/com_apple_MobileAsset_SoftwareUpdate/



If-Modified-Since: Tue, 07 Jan 2014 17:45:50 GMT

Accept-Encoding: gzip, deflate

Accept: */*

Accept-Language: en-us



HEAD request removed from iOS 7

It discloses the date from the last

update stored on the iOS device:

THANKS iOS!


iOS 7: GET Response (304)

• If there is no new update from that date…

HTTP/1.1 304 Not Modified



ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"

Date: Mon, 20 Jan 2014 12:35:20 GMT

Connection: keep-alive The date on the “Last-Modified”

header does not influence the

iOS behavior this time (304)


iOS 7: GET Response (200)

• If there is a new update from that date…

HTTP/1.1 200 OK

Server: Apache

ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"






Date: Mon, 20 Jan 2014 11:02:00 GMT


<?xml version="1.0" encoding="UTF-8"?>

...

<plist version="1.0">

<dict>

...

<key>OSVersion</key>

<string>7.0.4</string> ...

Temporary vs. Permanent attacks


StarWars Attack

• Block and/or drop the GET request (timeout)

– Fail: Error message

• When the user manually checks for updates

• “Unable To Check for Update”

• Send a 304 response

– “These aren’t the updates you’re looking for”

• Change the “Last-Modified” header of the GET request to the

future to get a 304 from Apple’s server

• Change the GET response manually to 304

This 304 Jedi trick does not work for iOS 6

DEMO


Matrix Attack

• Change the contents of the GET response

– Fail: The response contents are signed

– Replay attacks?

• Change the “Last-Modify” header of the GET

response to the future

– “You’re inside the Matrix”

• No more updates up to that future date

DEMO


Conclusions


Vulnerability Details

• Affects iOS 5.x - 7.x (up to the latest version) – iOS 5.0 released on October 12, 2011

– Vulnerability discovered on early 2012, between… • 5.0.1 (Nov 10, 2011) & 5.1 (March 7, 2012)

• It has survived multiple iOS versions: 5, 6 & 7

– Long time verifying it has not been fixed

– Long time collecting iOS software update files (plist XML files)

• Targeted and very carefully planned attacks – Plenty of time to launch future attacks

• Forever (persistent - Matrix) or between iOS updates (now)

• Stealthy attacks

– The update freeze can be reverted back silently


Vulnerability Limitations

• Cannot be used to downgrade to a previous

version, but to remain on the current version

• Can by bypassed via iTunes

– Different update check mechanism (HTTPS)

– Temporarily, as iTunes does not change the iOS

device update state if cancelled

– What is the current iOS update user behavior?

• iTunes or OTA


Vulnerability Usage

• Outside the information security field…

• People complaining because they didn’t want to

update from iOS 6 to iOS 7

– Huge user interface (GUI) change they didn’t like

– But their iOS device used +1Gb of space (e.g. 16Gb

iPad) just to locally store the new iOS 7 update

• New update is available

• Download update

• Install update

• “Unwanted iOS 7 occupying space on iOS 6 devices”

Freeze the iOS device at iOS 6 and never get iOS 7


Vulnerability Exploitation

• Freeze the version of a target device and wait for the next

succulent iOS update fixing a critical flaw • Wait… that sounds like… goto fail;

– Speculation: Released on February 21, 2014 (although it is older)

• Without any public researcher recognition (Apple?)

– For iOS 7.0.6 & 6.1.6, but not for OS X Mavericks (10.9) - in a hurry?

– CVE-2014-1266 • Lack of proper certificate validation: DHE & ECDHE

• https://www.imperialviolet.org/2014/02/22/applebug.html

https://www.gotofail.com


Vulnerability Disclosure: History

• Vulnerability discovered on early 2012 – +2 years (or +750 days or +…)

– Obtained a copy of the iOS software update file for 5.0 & 5.0.1 from

other researchers (March 2012), but not the early doc update files

• Vulnerability notified to Apple on February 6, 2014 – The "Month and a Day Rule“ (“Yes We Can” )

• E-mails – Feb 6: Standard Apple automated response confirming reception

– Feb 14: Apple asked for PoC for permanent disabling • Sent a detailed response clarifying the attack techniques

• “Thanks for the clarification.”

• A victim iPad got a new update on March 1, 2014 – Saturday: “Apple has changed something on their servers!”

• Without sending any notification to the researcher…

• … and trying to break his demo at Rooted CON 2014


Vulnerability Today (1/4)



• Apple implemented the following check in its iOS

software update server (mesu.apple.com) on March 1…

– Pseudo-code

...

/* Process GET request */

if ( header(‘If-Modified-Since’) is missing ) ||

( header(‘If-Modified-Since’) > date(now) )

goto fail;

else

/* Check the date to reply with a 304 or 200 */

...

fail:

/* Send a ‘200 OK’ response including the current iOS

software update file, to avoid dates from future */

...



• iOS 6

– StarWars attacks still work

– Matrix attacks still work

• iOS 6 does not send the “If-Modified-Since” header

• iOS 7

– StarWars attacks still work (304)

– Matrix attacks: Change the “Last-Modify” header of the

GET response to the current date (minus one minute)

• “You’re inside the Matrix”

• Remain on the current version and no more updates up to the

next one

DEMO



• Since iOS 7.1…

– In order to start downloading new

iOS updates, the passcode is

mandatory… delaying the update

process


Glitch in The Matrix

• And if you look carefully you can see it…

Do you remember sometimes anomalies show up in The Matrix?


Vulnerability Fix(es)

• Why OTA SW updates didn’t use HTTPS by design? – Did Apple put too much trust on the IPSW integrity verification?

• Lack of verification of the update contents (e.g. evilgrade, 2010)

– Lack of verification of the update checks • Differentiate between update checks and update contents

– httpS://mesu.apple.com & http://appldnld.apple.com

• Caching responses for sensitive checks is probably not a good idea

• Certificate pinning?

– Performance impact? • Again, differentiate update checks from update contents

– Conspiracy theory or… another developer ‘mistake’ • Design, implementation, Q&A, security testing… (Apple?)

• MDM solutions: Verify the latest version is applied

iOS OTA was released late 2011… and it is 2014 now!


Real Vulnerability Impact (1/2)

• How many people could I (or others knowing about this, e.g.

NSA) have attacked using this ‘simple’ vulnerability? – During the last +2 years

– Considering all the potential victims available worldwide • Some of them very relevant and managing very sensitive information

– By freezing their device to an old & vulnerable iOS version… • Temporarily or permanently

– … in order to exploit other iOS vulnerabilities, such as… • 197 vulns in iOS 6.0, 80 vulns in iOS 7.0, plus others…

– Ending up with the last goto fail in iOS 7.0.6

• Including multiple jailbreaks (or wait for the next one…)

– Silently, without the victim users noticing

• And even with the option of stealthily reverting the attack back…

Although the vulnerability markets were not very interested on it…


Real Vulnerability Impact (2/2)

Freezing iOS from iOS 6 to iOS 7…


This is the world we live in…

… overly dependent on technology, highly

sophisticated, but still immature and very vulnerable


Credits

Raúl Siles

Mónica Salas

E & E

Apple

Jorge Ortiz

Jay Freeman (saurik)

Jan Hindermann

Siletes

camisetasfrikis.es

– Produced by:

– Directed by:

– Casting by:

– IPSW Assistant:

– iOS5.0 & 5.0.1 files:

(March 2012)

– Music by:

– Costume Designer:


Questions?

w w w. d i n o s e c . c o m

@ d i n o s e c

R a ú l S i l e s

r a u l @ d i n o s e c . c o m

@ r a u l s i l e s

i s - dinosec · · 2014-06-242014 © dino security s.l. ... –similar to common law sentences...

Documents