C#

C-sharp : Unsafe custom SSL implementation

Overview

The class used for certificate validation can contain trivial methods, for example a validation callback that unconditionally returns true. This can lead to a loss of confidentiality of the data transferred via the SSL / TLS protocols.

While establishing a protected connection (the handshake), the server sends the client its public key and certificate; the certificate is cryptographic proof that the public key belongs to the owner of the server. The authenticity of a certificate is guaranteed by a Certification Authority (CA) that signs it.

Even if the methods of the overriding class are not trivial, a custom implementation is likely to contain mistakes (for example, checking the host name but not the certificate chain) that lead to the same consequences.

A possible attack scenario:

  1. The attacker enters the user’s WLAN and redirects the user’s traffic through the attacker’s server (for example, via DNS cache poisoning).
  2. The user initiates a connection to https://safeserver.example.com via an SSL / TLS protocol through the application.
  3. The attacker sends the application his/her own public key and a self-signed certificate generated by him/herself for the https://safeserver.example.com domain.
  4. The application verifies that the received certificate matches the requested domain, ignoring the fact that the received certificate is self-signed and does not chain to a trusted CA.
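The following is an added illustration (not code from the original entry) of the defect the scenario describes: a .NET `HttpClientHandler` whose custom validation callback trivially accepts every certificate, placed beside a hardened form that only accepts a certificate the platform has already validated (chain, host name, expiry) and can additionally pin a known leaf thumbprint. The thumbprint value is a placeholder.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TlsValidationExamples
{
    // VULNERABLE: the callback accepts every certificate, so an attacker's
    // self-signed certificate for safeserver.example.com is accepted
    // (step 4 of the scenario above). The same defect is common in legacy
    // code as ServicePointManager.ServerCertificateValidationCallback.
    public static HttpClientHandler UnsafeHandler()
    {
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => true
        };
    }

    // Placeholder: obtain the real leaf thumbprint out of band.
    private const string PinnedThumbprint = "PLACEHOLDER_SHA1_THUMBPRINT";

    // HARDENED: the safest choice is to not set a callback at all and let
    // the platform validate. If a callback is needed (e.g. for pinning),
    // it must still reject any certificate that carries policy errors:
    // untrusted root, host-name mismatch, expired or revoked certificate.
    public static HttpClientHandler SafeHandler(bool pin = false)
    {
        return new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) =>
            {
                if (errors != SslPolicyErrors.None || cert == null)
                    return false;          // platform validation failed
                if (!pin)
                    return true;           // chain and host name are valid
                // Pinning narrows trust further to one known leaf cert.
                return string.Equals(cert.Thumbprint, PinnedThumbprint,
                                     StringComparison.OrdinalIgnoreCase);
            }
        };
    }
}
```

A code-review or static-analysis check for this class should flag any `RemoteCertificateValidationCallback` or `ServerCertificateCustomValidationCallback` whose body can return true while `SslPolicyErrors` is not `None`.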

Insufficient Transport Layer Protection vulnerabilities take third place in the “OWASP Mobile Top 10 2014” ranking of mobile platform vulnerabilities.

DerScanner Severity Score: MEDIUM
