Dailydave mailing list archives
Re: iPhone Security
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Tue, 5 Jan 2016 12:53:33 -0800
On Tue, Jan 5, 2016 at 8:31 AM, Dave Aitel <dave () immunityinc com> wrote:
http://immunityproducts.blogspot.com/2016/01/the-danger-of-other-on-iphone.html
The TL;DR version is that the mail client is not validating the SSL/TLS certificate.

In older versions of iOS, when testing, I felt this was a weak area of the platform. I notified Apple Security of the issue, but received no response from them about it. However, in later versions of iOS 8/9 (?) a new option / enforcement was added to the platform for certificate validation. I never trusted Apple would completely fix this, or they may have a regression, so I was wary of utilizing it. Since you need to put in your Google creds for Contacts (and for calendar before Google released a standalone Calendar app in 2015), that was something I would only enable like once a month while on trusted wifi to sync new contacts.

In any event, there are tons of outstanding issues on Apple's platforms that have weaknesses that I have reported and go unfixed. Here is a short list of other things that smell dangerous too and remain unfixed last I checked...

* Apple App Store connections do not utilize HTTPS
* Apple App Store leverages a lot of XML (hint hint)
* Privileged network-positioned attackers (NSA?) can uniquely track Apple iOS clients by injecting HTTP headers and getting them cached client-side, or utilize other client sniffing tricks
* Updates for Apple platform and apps come over HTTP, but do you really trust the in-line digital signatures over HTTP against nation states?
* Apple OS X printer drivers (like HP) are distributed over HTTP links, without encryption, and install without any Apple binary signature (inject your OS backdoors here into the kernel via the ZIP file stream in transit)
* Numerous other Apple OS X components, distributed apps, drivers, and sometimes other components are distributed without being signed / attributed to Apple (untrusted).
* Apple Maps API data wasn't encrypted, last I checked

I could keep going...here are some links and descriptions...

* Apple Maps on iOS Leaks All Geo Data over HTTP without Encryption
  http://gspe19.ls.apple.com/tile.vf
* Apple iOS crypto libraries don't support strong ciphers > 128bits
* iOS Allows Invalid Profile Cryptographic Keys to be Installed
  Open the following links in Safari:
  http://iapnupdatetfdata.straighttalk.com
  http://iapnupdateatt.straighttalk.com
* Numerous Apple updates / downloads over insecure HTTP:
  http://mesu.apple.com/assets/com_apple_MobileAsset_SafariCloudHistoryConfiguration/com_apple_MobileAsset_SafariCloudHistoryConfiguration.xml
  http://download.info.apple.com/Apple_Support_Area/
  http://supportdownload.apple.com/download.info.apple.com/Apple_Support_Area/Apple_Software_Updates/Mac_OS_X/downloads/031-3384.20140211.Xcc3e/BootCamp5.1.5621.zip
  http://support.apple.com/downloads/DL907/en_US/hpprinterdriver3.1.dmg
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=22512&cat=33&platform=osx&method=sa/TextTranslator.zip

--
Regards,
Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
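
Added example, not part of the original post: the class of mail-client weakness discussed in this thread (TLS without certificate validation), shown in Python as a non-validating client context beside a validating one, with a guard that refuses to send credentials over the former. The function names and the host argument are hypothetical; this is not Apple's or the poster's code.

```python
import imaplib
import ssl


def weak_context() -> ssl.SSLContext:
    """Encrypts the session but never authenticates the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def strict_context() -> ssl.SSLContext:
    """System trust store, chain validation and hostname matching."""
    return ssl.create_default_context()


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the validation steps this context skips (empty list = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


def connect_imap(host: str, ctx: ssl.SSLContext, port: int = 993):
    """Open IMAP over TLS, refusing any context that skips validation.

    The check runs before the socket is opened, so a misconfigured
    client fails closed instead of sending a password to whoever
    answered on the network path.
    """
    problems = audit_context(ctx)
    if problems:
        raise ValueError("refusing to connect: " + "; ".join(problems))
    return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
```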