Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]

1
Rooted CON 2014 6-7-8 Marzo // 6-7-8 March 2014 © Dino Security S.L. (www.dinosec.com) All rights reserved.
i S w w w. dinosec. com
@d in os ec
Raúl Siles
raul@dinosec.com
@raulsiles
@dinosec
March 8, 2014

2
Outline
Vulnerability research and markets
Apple & iOS: State of the art
– iPhone/iPad in business
– SSA
Can we manipulate the iOS update process?
Vulnerability details: iOS 5, 6, 7…
– Attacks
Conclusions
Credits

3
Vulnerability Research & Markets
Insider View

4
Vulnerability Markets
How security vulnerability information is managed and traded today?
– Importance of (vuln) information systems for modern economy and society
Who is going to potentially buy your cyber weapon?
– Closed privileged groups
• Black market: cyber criminals
• Public markets: private security companies, governments, brokers…
– Subscription fees: 25 zero-days per year for USD $2.5 million
– What is it going to be used for?
• Compromise all vuln systems w/o the public ever having knowledge of the threat
• Vulns remain private for an average of 151 days (+100 exploits per year)
– Real risk exposure: Assume you are already compromised
NSSLabs
– “The Known Unknowns” (Dec 5, 2013)
– “International Vulnerability Purchase Program” (Dec 17, 2013)
https://www.nsslabs.com/reports/known-unknowns-0
https://www.nsslabs.com/reports/ivpp

5
‘Responsible’ disclosure & Conference disclosure
Disclosure Options
Do nothing
– Assuming it is the best way to serve the community
Coordinated disclosure (vendor)
– Information about vulnerabilities is a valuable asset
• Security researchers require compensation for time spent
Full disclosure
– Motivate vendors to act
Sell it
– Bug bounty (vendor)
– Broker or directly to third-parties

6
Vulnerability Research
For previous vulnerability research I followed…
– Responsible and coordinated disclosure with vendors
– But it was time to research the current vulnerability markets
• Vulnerability was accepted and published in one of the vulnerability purchase programs
• No real interest out of RCE, LPE and information disclosure (memory addresses)
Vulnerability discovered in early 2012 (+2 years)
– Remained private until now
– Keeping it private (as far as I know) and verifying it is still not public requires lot of
effort (specially over long periods of time)
Why is this vulnerability released today?
– You trust your government (country)…
• What about its allies (e.g. NSA)? And others?
– Rooted CON 5th anniversary!
What if someone finds it meanwhile… or the vendor fixes it?
– For how long a not very complex vulnerability can remain undisclosed?
– Value of modern vulnerabilities and exploits is based on who knows about them
How to provide details without disclosing too much?

7
Vulnerability Research & Disclosure
Vendors do not take relevant issues seriously
– "Why iOS (Android…) Fail inexplicably". Raul Siles. Rooted CON 2013
“When should a researcher initially notify a vendor with no serious
bug bounty before releasing an undisclosed vulnerability in a
security conference?” (Community disclosure?)
– It depends: vendor, bug, researcher, follow-ups… (“negotiate”)
• Complexity, criticality, scope…
• Evolution of security business landscape
– Vulnerability disclosure policies are like assh*les…
• …everyone has one!
• The "Month and a Day Rule" (DinoSec 2014)
– Similar to common law sentences
– Vulnerability notified to Apple on February 6, 2014 (1M +1D)

8
Apple & iOS: State of the Art

9
iPhone/iPad in Business (1/2)
Your business or Apple business model?
– Hardware, software, services & contents
• App Store & iTunes
Apple Q1 2014 financial results
– Sales (quarter): 51M iPhones & 26M iPads
– Revenue: $57.6 billion
• $4.4 billion on iTunes/Software/Service
– Net quarterly profit: $13.1 billion
– 65 billion apps cumulative ($15 billion to developers)
• 1 million apps cumulative in 24 categories
https://www.apple.com/pr/library/2014/01/27Apple-Reports-
First-Quarter-Results.html

10
iPhone/iPad in Business (2/2)
iOS design, features, and architecture
– https://www.apple.com/iphone/business/it/
– https://www.apple.com/ipad/business/it/
iOS security model (Feb’14)
– Updates: System Software Authorization
• A7 processor - Security Enclave coprocessor
https://www.apple.com/iphone/business/docs/iOS_Security_Feb14.pdf

11
System Software Authorization (1/2)
To prevent devices from being downgraded
– Older versions lack the latest security updates
• “An attacker who gains possession of a device could install an
older version of iOS and exploit a vulnerability that’s been fixed
in the newer version”
• Jailbreak?
iTunes or wirelessly over the air (OTA)
– Full copy of iOS or only the components required
Connects to Apple’s installation authorization server
– Crypto measurements for each part of installation bundle
(LLB, iBoot, kernel & OS image), nonce & ECID (device
unique ID)

12
System Software Authorization (2/2)
Authorization server checks measurements against
versions permitted by Apple
– Allows only latest version for each device model
• Narrow signing window (~24h)
– Apple signs measurements, nonce and ECID
• Per device (ECID) and per restore (nonce)
Every firmware installation is remotely verified
(signed) by Apple during every restore or upgrade
– Started with iPhone 3G[S] & iOS 3 (using ECID only)
• "Verifying restore with Apple...“
– iTunes “personalizes” the firmware file (ECID…): SHSH

13
Apple iOS Downgrade (1/3)
SHSH blobs and APTickets
– Signature HaSH (SHSH blobs) and nonce (APTicket)
• Cydia (saurik) & redsn0w (Musclenerd) & iFaith (iH8sn0w)
TSS Center (Cydia), redsn0w,TinyUmbrella, iFaith…
– MitM (& cache) signature server: gs.apple.com
• Source: http://svn.saurik.com/repos/menes/trunk/cysts/
– The verifier was the Tatsu Signing Server (TSS)
• Spidercab (Apple internal equivalent), running at ‘tatsu-
tss-internal.apple.com’ (Apple VPN), is used to sign old
versions...
http://www.saurik.com/id/12 (iOS 3.x)
http://www.saurik.com/id/15 (iOS 6.x)

14
SHSH blobs
– SHA-1 hashes (160-bit digests)
– iPhone Software (IPSW) file (ZIP file)
• Build manifest: BuildManifest.plist
– List of files and their content (+ Apple integrity signature) digests
• “Personalization” process
– Build manifest  TSS request  Apple  SHSH blobs  Replace
files signature section with SHSH blobs
APTickets
– Introduced with iOS 5.x
– Block of data with digest for all files used during boot
• No IPSW file “personalization” any more (APTicket)
• Contains a “nonce” (anti-replay mechanism - uncacheable)

15
Caching the uncacheable
– Restore to very old iOS versions (no APTicket)
– Downgrade tricks history
• http://www.jailbreakqa.com/faq#32763 …
– Exploits for reusing APTickets
No way to downgrade from iOS 6.x to older versions
on newer devices (as of April 2013)
– Eligible older devices
• iPhone 4 & 3G[S], iPad, and iPod Touch 4th (A4 processor)
– limera1n BootROM exploit (redsn0w can dump TSS info from device)
• iPad2
– Go from iOS 5 (or 6) to iOS 4 (no APTicket) and back to iOS 5
• iPad 2, 3 & iPhone 4s: From iOS 5 to any other iOS 5 version
Requirement: TSS information previously saved

16
iOS Support Matrix
http://iossupportmatrix.com

17
Can We Manipulate the iOS Update
Process?
Without a new BootROM exploit

18
Relevant iOS 5 Change
Over the Air (OTA)
– iOS software updates
• Settings - General - Software Update
– iTunes data sync & backup over Wi-Fi
• iTunes 10.5+
– Options – Sync with this iPhone over Wi-Fi
– iCloud backup
• Settings - iCloud - Storage & Backup
Apple fans behavior change: Getting rid of the USB cables

19
iOS OTA Update Process
HTTP (vs. HTTPS)
– iOS software (IPSW) integrity verification
– Software update server: http://mesu.apple.com
Automatically used by iOS…
– … or manually launched by the user
• Settings - General - Software Update
iOS software update (plist) file (XML format)
– References (URLs) to all the current iOS version files
• http://appldnld.apple.com

20
Main iOS SW Update Files
iOS software update (plist) file
– http://mesu.apple.com/assets/
com_apple_MobileAsset_SoftwareUpdate/
com_apple_MobileAsset_SoftwareUpdate.xml
iOS software update documentation (plist) file
– http://mesu.apple.com/assets/
com_apple_MobileAsset_SoftwareUpdateDocumentation/
com_apple_MobileAsset_SoftwareUpdateDocumentation.xml
iOS 5.0 (GM) was not offered via OTA
– iOS 5.0 betas (4-7) & 5.1 beta 2 were offered via OTA
– iOS 5.0.1 was the first public OTA version

21
iOS 5.x & 6.x

22
iOS 5 & 6: HEAD Request
HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/
com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1
Host: mesu.apple.com
User-Agent: MobileAsset/1.0
Connection: close
Content-Length: 0
HEAD /assets/com_apple_MobileAsset_SoftwareUpdate/
User-Agent: $%7BPRODUCT_NAME%7D/1 CFNetwork/548.0.4
Darwin/11.0.0
Content-Length: 0
Connection: close

23
iOS 5 & 6: HEAD Response
HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Content-MD5: oNVyoddHvxLCsQeRblBskw==
Last-Modified: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Ranges: bytes
Content-Length: 283956
Content-Type: application/xml
Date: Mon, 20 Jan 2014 11:02:00 GMT
Connection: close
If it contains a date greater than the
date from the last update, it will ask
for the new content: GET.

24
iOS 5 & 6: GET Req & Resp
GET /assets/com_apple_MobileAsset_SoftwareUpdate/
Connection: close
HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Date: Mon, 20 Jan 2014 11:02:00 GMT
Connection: keep-alive
...

25
iOS 5 & 6: GET Req & Resp
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Assets</key>
<array>
<dict>
<key>Build</key>
...
<key>OSVersion</key>
<string>7.0.4</string>
...
<key>Certificate</key>
<data>
MIID...YSoiag78twmDRk726aYmxNIfYYpDs0hS7Mw==
</data>
<key>Signature</key>
<data>
LyfS...pvlWlONSzNYx9qZdS6B7Fs6JgHqw9DA1d2w==
</data>
<key>SigningKey</key>
<string>AssetManifestSigning</string>
</dict>
</plist>
Same behavior with the iOS SW update documentation file

26
Last-Modified: Date
Can we manipulate the iOS update process?

28

29
Man in the Middle (MitM) attacks
– Do you remember the Wi-Fi network impersonation
attacks from last year Rooted CON 2013?
• http://www.dinosec.com/docs/RootedCON2013_Taddong_RaulSiles-WiFi.pdf
• http://vimeo.com/70718776
iProxy
– Python MitM tool
• Twisted (https://twistedmatrix.com)
– Event-driven networking engine (e.g. sslstrip)
– Implements both StarWars and Matrix attacks
• Multiple and flexible options
Vulnerability Exploitation

30
“These aren’t the updates you’re looking for”

31
StarWars Attack
Block and/or drop the HEAD request (timeout)
– Fail: It sends a GET request
– Block and/or drop the GET request (timeout)
• Fail: Error message
– When the user manually checks for updates
– “Unable To Check for Update”
Change the “Last-Modified” header of the HEAD
response to the past
– “These aren’t the updates you’re looking for”
DEMO

32
“This is your last chance. After this, there is no turning back. You take
the blue pill - the story ends, you wake up in your bed and believe
whatever you want to believe. You take the red pill - you stay in
Appleland and I show you how deep the rabbit-hole goes.”

33
Matrix Attack
Change the “Last-Modify” header of the HEAD
response to the future
– Forcing a GET request
Change the contents of the GET response
– Fail: The response contents are signed
– Replay attacks?
Change the “Last-Modify” header of the GET
response to the future & provide a previous file
– “You’re inside the Matrix”
• No more updates up to that future date
DEMO

34
iOS Software Update Files Repo

35
iOS 7.x

36
iOS 7: GET Request
GET /assets/com_apple_MobileAsset_SoftwareUpdate/
If-Modified-Since: Tue, 07 Jan 2014 17:45:50 GMT
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-us
HEAD request removed from iOS 7
It discloses the date from the last
update stored on the iOS device:
THANKS iOS! 

37
iOS 7: GET Response (304)
If there is no new update from that date…
HTTP/1.1 304 Not Modified
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Date: Mon, 20 Jan 2014 12:35:20 GMT

38
iOS 7: GET Response (200)
If there is a new update from that date…
HTTP/1.1 200 OK
Server: Apache
ETag: "a0d572a1d747bf12c2b107916e506c93:1389116985"
Date: Mon, 20 Jan 2014 11:02:00 GMT
<?xml version="1.0" encoding="UTF-8"?>
...
<plist version="1.0">
<dict>
...
<key>OSVersion</key>
<string>7.0.4</string> ...

39
Temporary vs. Permanent attacks

40
StarWars Attack
Block and/or drop the GET request (timeout)
– Fail: Error message
• When the user manually checks for updates
• “Unable To Check for Update”
Send a 304 response
– “These aren’t the updates you’re looking for”
• Change the “Last-Modified” header of the GET request to the
future to get a 304 from Apple’s server
• Change the GET response manually to 304
This 304 Jedi trick does not work for iOS 6
DEMO

41
Matrix Attack
Change the contents of the GET response
– Fail: The response contents are signed
– Replay attacks?
Change the “Last-Modify” header of the GET
response to the future
– “You’re inside the Matrix”
• No more updates up to that future date
DEMO

43
Vulnerability Details
Affects iOS 5.x - 7.x (up to the latest version)
– iOS 5.0 released on October 12, 2011
– Vulnerability discovered on early 2012, between…
• 5.0.1 (Nov 10, 2011) & 5.1 (March 7, 2012)
• It has survived multiple iOS versions: 5, 6 & 7
– Long time verifying it has not been fixed
– Long time collecting iOS software update files (plist XML files)
Targeted and very carefully planned attacks
– Plenty of time to launch future attacks
• Forever (persistent - Matrix) or between iOS updates (now)
Stealthy attacks
– The update freeze can be reverted back silently

44
Vulnerability Limitations
Cannot be used to downgrade to a previous
version, but to remain on the current version
Can by bypassed via iTunes
– Different update check mechanism (HTTPS)
– Temporarily, as iTunes does not change the iOS
device update state if cancelled
– What is the current iOS update user behavior?
• iTunes or OTA

45
Vulnerability Usage
Outside the information security field…
People complaining because they didn’t want to
update from iOS 6 to iOS 7
– Huge user interface (GUI) change they didn’t like
But their iOS device used +1Gb of space (e.g. 16Gb
iPad) just to locally store the new iOS 7 update
– New update is available
– Download update
– Install update
“Unwanted iOS 7 occupying space on iOS 6 devices”
Freeze the iOS device at iOS 6 and never get iOS 7 

46
Vulnerability Exploitation
Freeze the version of a target device and wait for the next succulent
iOS update fixing a critical flaw
Wait… that sounds like… goto fail;
– Speculation: Released on February 21, 2014 (although it is older)
• Without any public researcher recognition (Apple?)
– For iOS 7.0.6 & 6.1.6, but not for OS X Mavericks (10.9) – in a hurry?
– CVE-2014-1266
• Lack of proper certificate validation: DHE & ECDHE
• https://www.imperialviolet.org/2014/02/22/applebug.html
https://www.gotofail.com

47
Vulnerability Disclosure: History
Vulnerability discovered on early 2012
– +2 years (or +750 days or +…)
– Obtained a copy of the iOS software update file for 5.0 & 5.0.1 from
other researchers (March 2012), but not the early doc update files
Vulnerability notified to Apple on February 6, 2014
– The "Month and a Day Rule“ (“Yes We Can” )
E-mails
– Feb 6: Standard Apple automated response confirming reception
– Feb 14: Apple asked for PoC for permanent disabling
• Sent a detailed response clarifying the attack techniques
• “Thanks for the clarification.”
A victim iPad got a new update on March 1, 2014
– Last Saturday: “Apple has changed something on their servers!”
• Without sending any notification to the researcher…
• … and trying to break his demo at Rooted CON 2014

48
Vulnerability Disclosure: Today1…

49
We don’t learn from the past! 
Vulnerability Fix(es)
Why OTA SW updates didn’t use HTTPS by design?
– Did Apple put too much trust on the IPSW integrity verification?
• Lack of verification of the update contents (e.g. evilgrade, 2010)
– Lack of verification of the update checks
• Differentiate between update checks and update contents
– httpS://mesu.apple.com & http://appldnld.apple.com
• Caching responses for sensitive checks is probably not a good idea
• Certificate pinning?
– Performance impact?
• Again, differentiate update checks from update contents
– Conspiracy theory or… another developer ‘mistake’
• Design, implementation, Q&A, security testing… (Apple?)
MDM solutions: Verify the latest version is applied

50
Real Vulnerability Impact (1/2)
How many people could I (or others knowing about this,
e.g. NSA) have attacked using this ‘simple’ vulnerability?
– During the last +2 years
– Considering all the potential victims available worldwide
• Some of them very relevant and managing very sensitive information
– By freezing their device to an old & vulnerable iOS version…
• Temporarily or permanently
– … in order to exploit other iOS vulnerabilities, such as…
• 197 vulnerabilities fixed in iOS 6.0
• 80 vulnerabilities fixed in iOS 7.0
• Other critical vulnerabilities fixed in intermediate iOS 5.x, 6.x & 7.x versions
– More than 20 iOS lock screen bypass vulnerabilities between iOS 5.x-7.x
– Ending up with the last goto fail in iOS 7.0.6
• Including multiple jailbreaks available meanwhile (wait for the next one…)
– Silently, without the victim users noticing
• And even with the option of stealthily reverting the attack back…

51
Freezing iOS from iOS 6 to iOS 7… 
Real Vulnerability Impact (2/2)
… with one single exception, where the user
might have noticed the lack of an iOS update

52
This is the world we live in…
… overly dependent on technology,
highly sophisticated, but still immature
and very vulnerable

53
Produced by:
Directed by:
Casting by:
IPSW Assistant:
iOS5.0 & 5.0.1 files:
(March 2012)
Music by:
Costume Designer:
Credits
Raúl Siles
Mónica Salas
E & E
Apple
Jorge Ortiz
Jay Freeman (saurik)
Jan Hindermann
Siletes
camisetasfrikis.es

54
Questions?

55
w w w. d in os ec. com
@dinosec
Raú l Siles
rau l@d in os ec. com
@rau ls iles

Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]

Ähnlich wie Raul Siles - iOS: Regreso al futuro [Rooted CON 2014] (20)

Mehr von RootedCON

Mehr von RootedCON (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Raul Siles - iOS: Regreso al futuro [Rooted CON 2014]