Upgrading approaches to the secure mobile architectures #appbuilders16 @vixentael

OR

Everything will be BROKEN! #appbuilders16 @vixentael

Everything will be BROKEN, so what should we do? #appbuilders16 @vixentael

Intro: this is a picture

This is a picture: virgin sight network backend logic the app server environment #appbuilders16 @vixentael

UI/UX deliver fast! GTD! swift boring crap, waste of life maaaagic! magic.. MVP! #appbuilders16 @vixentael This is a picture: mobile focus

source of trust risk we control sandbox dragons lots of risk even if app is good easy to f*ck up #appbuilders16 @vixentael This is a picture: security vision

#appbuilders16 @vixentael This is a picture: the reality FBI CIA NSA hackers QA engineers

the brains! #appbuilders16 @vixentael This is a picture: our control

The problem

The problem bad cryptography insecure API’s plaintext traffic data leakage denial of service remote jailbreak over bluetooth stolen credentials man-in-the-middle

Openness Speed Ignorance The problem #appbuilders16 @vixentael

How bad is it? Like this Control Nissan LEAF via vulnerable APIs http://www.troyhunt.com/2016/02/controlling- vehicle-features-of-nissan.html #appbuilders16 @vixentael http://www.wired.com/2015/07/gadget-hacks- gm-cars-locate-unlock-start/ http://samy.pl/defcon2015/ hacking cars using OnStar app to locate, unlock and remote start vehicles what could possibly go wrong?

No content

iMessage Recovery of Plaintext iMessage Data using Javascript http://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client- recovery-of-plaintext-imessage-data/ Grab all your iMess aHachments via key enumeraIon http://blog.cryptographyengineering.com/2016/03/attack-of- week-apple-imessage.html #appbuilders16 @vixentael

This is how bad it is! #appbuilders16 @vixentael iOS vulnerabilities by years raw data from cvedetails.com 0 100 200 300 400 2007 2008 2009 2010 2011 2012 2013 2014 2015 1 9 27 32 37 112 90 120 384

This is how bad it is! http://blog.mindedsecurity.com/2015/03/ssl- mitm-attack-in-afnetworking-251-do.html >1500 vulnerable apps via flawed AFNetworking <10% popular apps use SSL pinning #appbuilders16 @vixentael iOS vulnerabilities by years raw data from cvedetails.com 0 100 200 300 400 2007 2008 2009 2010 2011 2012 2013 2014 2015 1 9 27 32 37 112 90 120 384

SO WHAT?

Why does this even happen?

Our mindset is wrong a bit “It works” != “It’s secure” Mobile’s limited abilities require specific server behavior Mobile is not traditional client- server Design-driven development is frequently a security disaster #appbuilders16 @vixentael

Mobile is an odd thin client #appbuilders16 @vixentael – Can server really address you by IP address? – Can server expect RFC behavior of your IP stack? – Can server and client share code and components with proper trust? – Is IPC / RPC behavior reciprocal between client and server? – Is client and server equal in their capacity for technical decisions? Mobile considers itself in a proper client-server relationship, but:

Mobile is an odd thin client #appbuilders16 @vixentael – Can server really address you by IP address? – Can server expect RFC behavior of your IP stack? – Can server and client share code and components with proper trust? – Is IPC / RPC behavior reciprocal between client and server? – Is client and server equal in their capacity for technical decisions? Mobile considers itself in a proper client-server relationship, but: NOPE ;)

Mobile security is hard and yet undeveloped #appbuilders16 @vixentael Sophisticated problems security-wise No well established techniques Very blurred risk models

What exactly are we risking?

Identity Data Control What we risk? #appbuilders16 @vixentael

Data #appbuilders16 @vixentael personal data health data conversations certificates passwords contacts users’ data

Identity #appbuilders16 @vixentael identification (credentials) attacker access allowed! application

Control #appbuilders16 @vixentael Remember those cars, right?

What should we do?

Understand the strong sides #appbuilders16 @vixentael limited ecosystem low collateral risk things user has and you can trust authentication/trust is quite good data safety almost network passive narrowed threat scope

Trust no one. But yourself #appbuilders16 @vixentael trust server less explicit trust involve users ☁

Echelonization #appbuilders16 @vixentael if the system has one perimeter, it will fail!

Echelonization #appbuilders16 @vixentael authenticate manually verify credentials use many factors ..add more layers of defense!

Compartmentalization #appbuilders16 @vixentael limit the access to information to those who need to know it in order to perform certain tasks store secure transmit display

SO WHAT?

Practice time! techniques for your architectures

Do all classic things #appbuilders16 @vixentael https://speakerdeck.com/vixentael/avoiding-damage-shame-and- regrets-data-protection-for-mobile-client-server-architectures Protect transport well, authenticate server, pin certificates Authenticate everything Encrypt everything in motion and at rest Protect keys well Then escalate with novel techniques read my previous slides

End-to-end encryption 101 #appbuilders16 @vixentael users own all keys server can’t see anything important transport keys are ephemeral app state does not rely on server state ☁

End-to-end encryption 101+1 #appbuilders16 @vixentael https://cossacklabs.com/choose-your-ios-crypto.html large + text

Multi-factor authentication #appbuilders16 @vixentael things you have things you know things you are phone device sim card ID docs private/public key password address answer to quesIon biometrics of all kinds

Multi-factor authentication #appbuilders16 @vixentael things you have things you know things you are phone device sim card ID docs private/public key password address answer to quesIon biometrics of all kinds 2+ = MFA && &&

Zero-knowledge: problem no trust :( #appbuilders16 @vixentael

Zero-knowledge: proof! trust :) #appbuilders16 @vixentael https://cossacklabs.com/introducing_secure_comparator.html wanna know more?

Is this it?

Combining things: secure app v.1 SSL storage encryption storage encryption data leakage MiTM weak SSL #appbuilders16 @vixentael

Combining things: secure app v.2 end-to-end encryption #appbuilders16 @vixentael storage encryption storage encryption weak auth blind trust ephemeral keys protected transport

Combining things: secure app v.3 #appbuilders16 @vixentael end-to-end encryption storage encryption storage encryption ephemeral keys protected transport MFA ZKP

It is simple, isn’t it?

Key points #appbuilders16 @vixentael 1. read these slides again, tapping on links 2. read ‘Additional reading’ 3. read my previous presentations 4. analyze your current system 5. implement the techniques 6. ??? 7. profit! …feel free to contact me

Thank you for listening @vixentael iOS developer at stanfy.com iOS contributor at Themis/cossacklabs.com

Additional reading https://medium.com/stanfy-engineering-practices/data-protection-for-mobile-client-server- architectures-6e6dcabd871a Data Protection For Mobile Client-Server Architectures http://mashable.com/2016/04/16/apple-security-explained/ How Apple Security works https://www.cossacklabs.com/avoid-ssl-for-your-next-app.html Why you should avoid ssl for your next application https://cossacklabs.com/choose-your-ios-crypto.html Crypto in iOS: choose your destiny https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet OWASP: iOS application security testing cheat sheet