Common crypto flaws in finance mobile apps

Transcript

1. Common Crypto Flaws in Finance Mobile Apps @duongkai 1/8/2016 1

2. Agenda  Why we have this talk?  How I

   do this?  Common crypto flaws I found?  Conclusion Disclaimer: It is my opinions, not my employer. 1/8/2016 2

3. 1/8/2016 3 The below is not “Blame war”

4. Zend framework, 2016 1/8/2016 4 Bleichenbacher found this in 1998

   Zend is still vulnerable in 2016

5. Joomla, 2015 1/8/2016 5

6. https://github.com/joomla/joomla- cms/blob/ec8a72f4cd0519786b9001dd3dd593131e7d32d2/libraries/joomla/cry pt/cipher/simple.php#L61-L100 1/8/2016 6

7. This talk started when  After some source code review

   projects, some flaws occurred repeatedly.  Learning crypto is a hard way.  The developers did not understand why they do due many reasons.  Google/Stackoverflow copy&paste patterns  Importantly, I am a customer. 1/8/2016 7

8. If You Googling Some Crypto Code http://tozny.com/blog/encrypting-strings-in-android-lets- make-better-mistakes/ 1/8/2016 8

9. So, It Is My Journey https://play.google.com/store/apps/category/FINANCE/collection/topselling_free 1/8/2016 9

10. Answer These Questions  Are they using HTTP/HTTPS API endpoint?

     Is HTTPS using correctly?  Do they use weak crypto primitives (AES/ECB, MD5, RSA/PKCS1.5)  Did they try to reinvent the wheel?  This is a ordinary source code review. No exploitation code here (although it can be). 1/8/2016 10

11. It is a RE work  Get APK from Google

    Play services. PureAPK  Decompiling APK to source code by using LinkedIn Qark, JAD and APKTool  Assessing API Endpoint which were embedded in soure code by using Qualys SSL Test and Symantec CryptoReport.  Finding weak crypto primitives AES/ECB, MD5, DES, RSA/PKCS1.5  Finding something fun. 1/8/2016 11

12. Results 1/8/2016 12

13. Oh, many HTTP(s) here 1/8/2016 13

14. HTTPS with self-signed certs 1/8/2016 14

15. HTTPS API endpoint 1/8/2016 15 https://card.vietinbank.vn/mpos/payment (F) https://3dsecure.sacombank.com.vn/mpos-pp (C) https://www.mpos.vn

    (C) https://vcbmobilebankingp2.smartlink.com.vn (C) https://mobile.vietcapitalbank.com.vn (A) https://mpos.tpb.vn (A-) https://mobile.cyberpay.vn/ (C) https://ipay.vn (F) https://ebanking.vietinbank.vn/ (F) https://www.baokim.vn (A) https://id.vatgia.com (A) https://pay.vtc.vn/ (F) https://m.eximbank.com.vn (F) https://mobileapp.msb.com.vn/ (C) https://www.msacombank.com.vn/MBAWeb/FMB (A-) https://ebank.msb.com.vn/ (A-) https://ebanking.hdbank.vn (F) https://card.sacombank.com.vn (C) https://3dsecure.sacombank.com.vn/MP8092 (C) https://agribank.vnpay.vn (F)

16. If You’re Typing the Letters AES Into Your Code, You’re

    Doing It Wrong @tqbf 1/8/2016 16

17. AES/ECB 1/8/2016 17 public static String doAESEncrypt(String paramString1, String paramString2)

    throws Exception { Key localKey = generateKey(paramString2); Cipher localCipher = Cipher.getInstance("AES"); localCipher.init(1, localKey); return new String(Base64.encodeBytes( localCipher.doFinal(paramString1.getBytes()))); } Notes: - Java Security Documentation doesn’t mention about this way. - Default in Oracle Java 6/Java 7 is AES/ECB/PKCS5Padding

18. Do You Know AES/ECB work??? 1/8/2016 18

19. Triple DES with ECB 1/8/2016 19

20. Fixed Key 1/8/2016 20

21. Fixed key, Fixed IV 1/8/2016 21

22. CBC Encryption mode 1/8/2016 22 IV is used to make

    the ciphertext different with a particular plaintext.

23. Private Key in Code… 1/8/2016 23

24. SSL Connection in 1 min 1/8/2016 24 Do you know

    you have a safe connection when you are using mobile apps?

25. The Most Dangerous Code in the World: Validating SSL Certificates

    in Non-Browser Software 1/8/2016 25 https://cs.utexas.edu/~shmat/shmat_ccs12.pdf

26. NULL in validation 1/8/2016 26

27. 1/8/2016 27

28. Create a new Fake TrustManagers 1/8/2016 28

29. 1/8/2016 29 Flag: ALLOW_ALL_HOSTNAME_VERIFIER is turn ON. And… “Use of

    AllowAllHostnameVerifier() or SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER essentially turns off hostname verification when using SSL connections. This is equivalent to trusting all certificates.”[6]

30. Reinvent the Wheel How to Secure on HTTP Case studies

    from wild world 1/8/2016 30

31. A Securities app 1/8/2016 31 Everything goes through HTTP

32. Encryption using AES/CBC 1/8/2016 32 Encryption key is user’s password

    or session key sent from server

33. Common Crypto Flaws  Using weak ciphers (MD5, DES) 

    Fixed key, fixed IV  HTTPS is not using correctly  No certificates validation  Design your own crypto schemes 1/8/2016 33

34. Q&A 1/8/2016 34