backtop


Print 13 comment(s) - last by AllYourBaseAre.. on Feb 27 at 5:27 PM

SSL-breaking bug was present for the last year and a half, but is fortunately finally fixed on both platforms

Apple, Inc. (AAPL) is the master of trying minimize image damage when it comes to security problems, but as its products have become more popular, rising numbers of attacks have forced it to move from inaction with a helping of arrogant denial to a more responsible patching pace.

I. Copy, Paste, and Facepalm

On Friday Apple rolled out an iOS update for its iPods, iPhones, and iPads  -- iOS 7.0.6. Unlike some past minor updates, this release consisted of a single fix under the byline "data security".

This turned out to be a whopper of a one-line bug.


The bug damaged encryption on Macs and iOS devices alike.

Like Microsoft Corp. (MSFT) Apple is moving towards common libraries between iOS (mobile) and OS X (traditional PC) -- something Linux has long made standard.  As this error was in the common library (sslKeyExchange.c) that handled SSL certificates, it basically endangered encryption on all of the core services of OS X and iOS, plus whatever services you might visit via the internet or third party apps.  Literally everything was at some risk.

See if you can spot the bug.

Apple fail

In C-language, if the statement following an if is unbracket, it's assuming that the conditional action is only a single semicolon-terminated statement.  So the author likely copied and pasted on accident a second failure jump.  This statement is always executed if it gets past the second conditional, meaning that the third conditional is never evaluated.
 
So assuming the initial check passed a pass is stored in err, and skipping the validation the code thinks it has a valid certificate.
 
II. Put Your Trust in me
 
SSL Certificates work kind of like a driver's license.  If a cop pulls you over they can tell instantly that you're old enough to be driving, what state you're a resident in, your address, your trustworthiness (based on your criminal history), etc.
 
But what if you gave a fake ID?  You need a way of validating that identification in real time.  For a cop that might mean visually confirming the face matches the license and calling in to a dispatcher to run the license through a database to look for discrepancies.  For SSL it involves exchanging keys to establish trust and that your certificate is real.
 
But due to the error the process of validating the certificate was skipped, meaning that if it looked like the certificate was valid it would trust whatever you sent after that.

Podgraphics
[Image Source: Podgraphics]

That allows an attacker to spot the communication (via packet sniffing) and launch a fake response made to appear to have originated from the secured server. 
 
So-called man-in-the-middle attacks are difficult to do remotely for a couple of reasons.  First, many communications are time-sensitive meaning that you will need to simulate the real response time in order to successfully impersonate the target, which generally is only possible if you're close to the target or source.
 
Second you must be able to gather enough traffic in real time to identify users with specific platforms, so as not to reveal your malicious activity by attacking properly protected targets.  In principle this further limits you to being close to the victim.  Lastly, you must be on a point you share unencrypted access to that the target is on.  That adds one more restriction to casual hackers, although of course a superpowered hacker like the U.S. National Security Agency (NSA) might have the resources to monitor unencrypted fiber-optic links between data centers.
 
Obviously losing all encryption and potentially falling victim to mockups of websites that steal your password is very bad news.  And what's worse this vulnerability has been in the wild since it was (presumably accidentally) added in September 2012, with the iOS 6.0 update.  The bug was not present in iOS 5.1.1 or earlier or in OS X 10.7.x (Lion) or earlier.

iPad and iPhones iOS 6.0

Adam Langley ("ImperialViolet") offers a nice example of how he was able to send https traffic from insecure ports thanks to the bug.

It's unclear whether anyone -- aside from whoever within or outside of Apple found the bug -- knew of the bug and actively exploited it before the iOS update/patch went live.

III. Did "Goto Fail" Bug Enable NSA Surveillance

But following Friday's iOS patch the cat was quickly out of the bag.  Thus, for the last several days Apple's personal computer users have been in a precarious positions as OS X 10.9 Mavericks remained vulnerable and reportedly exploits were occurring in the wild:


Coffee shop
The bug reportedly was exploited in the wild at coffee shops and other insecure public locations with lots of Macs. [Image Source: The New York Times]

On Tuesday, Apple rolled out OS X 10.9.2 which combined the fix with other planned Mavericks improvements such as the ability to make and receive FaceTime calls, as well as improvements to core apps such as Mail, iMessage, and Safari.  Apple released a sister patch for those users still on OS X 10.8 (Mountain Lion).
 
While the issue is now resolved and Apple deserves credit for fixing it almost as quickly as it was made public, that's not stopping it from drawing some flak over the possibility that the NSA used the bug to gain access to data users thought was encrypted.
 
In fact some are speculating that it planted the bug on purpose to assist in NSA data collection -- or was infiltrated by an NSA mole that planted the bug.
 
Slide 6 of an NSA slide deck leaked by The Guardian indicates that Apple's platforms were added to the PRISM programs' watch list on October 2012.  While there's a good chance that the timing of the bug's introduction and the NSA finding a way to strip away Apple users' security was not coincidental, Daring Fireball makes a fair argument that the timeline doesn't necessarily indicate an inside job.  As he points out the NSA likely has automated scanners looking for security mismanagement on various platforms.

NSA Apple
[Image Source: NSA via The Guardian]

But then again, the NSA's leaked slides also do reveal a $250M USD payment scheme to top tech companies to purposefully sabotage global encryption.  Plus the NSA was fond of using legal threats against tech firms to coerce compliance.  So we can't exactly rule out an inside job either.
 
The good news is now the "goto fail" bug is fixed, and similar bugs should be able to be found and eliminated thanks to Apple's decision to open up its OS X source with the release of OS X 10.9 Mavericks.
 
In related news, security research this week found a flaw that allowed them to log fingerprint data on the iPhone 5S -- a supposedly "impossible" feat.

Sources: Apple, The Verge, ImperialViolet, Nadim



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

iFail Picture Silhouette
By NovoRei on 2/26/2014 7:12:02 PM , Rating: 3
It looked odd when first seeing the image. After seeing this is a Jason's article it became clear... subliminal dark message.

I just hope others can see it too...




RE: iFail Picture Silhouette
By sgw2n5 on 2/27/2014 10:11:05 AM , Rating: 5
Ya... I think J-Mick has been moonlighting for FreeRepublic lately


Nerd nitpick
By amanojaku on 2/26/2014 7:20:52 PM , Rating: 2
quote:
In C-language, if the statement following an if is unbracket, it's assuming that the conditional action is only one line long.
The C programming language doesn't understand "lines". It understands "statements". Statements are generally terminated with a semicolon, and they can take up multiple lines. C generally ignores whitespace in code like newlines. So:

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto
fail;

if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;

Would have been valid.

Several people pointed out that the code is sloppy overall. Even though it's extra work, a best practice is to include all statements to be executed by an if in brackets as a block, even if it's just one statement. It should have looked like this:

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
goto fail;
}

if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) {
goto fail;
}


Using this format, a duplicate goto fail; would have stood out like a sore thumb. Not that I would be using goto for error handling...
quote:
While the issue is now resolved and Apple deserves credit for fixing it almost as quickly as it was made public
Well, it was only one line, so it's not like it was a difficult fix. And considering the scope of the applications affected, Apple had no choice but to fix it quickly. What's sad is that no one caught this for 18 months. A duplicate-statement checker would not have been hard to build.

Even more puzzling is the fact that iOS got the fix days before OS X did. That, and Apple is racking up security wins...
quote:
The problem may be even worse in this case than it looks. "One interesting aspect of this is that [Mac OS X] 10.9.2 patched a large number of serious security vulnerabilities, not just the notorious "goto fail" one," said longtime Apple software developer Mike Ash, who described the list of bugs as "arguably more significant" than the Transport Layer Security problems in "goto fail."
"Apple's culture of secrecy delays security response -- again"

http://news.cnet.com/8301-1009_3-57619533-83/apple...




RE: Nerd nitpick
By Solandri on 2/27/2014 4:13:13 AM , Rating: 2
quote:
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) { goto fail; }

Using this format, a duplicate goto fail; would have stood out like a sore thumb. Not that I would be using goto for error handling...

Using that format, a duplicate goto fail; wouldn't have even caused a problem because it would never be executed.

I was taught to always use the brackets even for a single line because it made it easier to see what the code was doing. My job was to write the code so it was easier for other programmers to follow what I was trying to do. Generating tight code was the compiler's job. So no clever shortcuts in my code unless it was a particular section which needed optimization.


RE: Nerd nitpick
By amanojaku on 2/27/2014 11:22:02 AM , Rating: 3
quote:
Using that format, a duplicate goto fail; wouldn't have even caused a problem because it would never be executed.
True, but only if the duplicate goto fail; was included inside the braces. Since this wasn't properly coded or reviewed, the duplicate goto fail; could have been been placed after the braces, which would be an alternate syntax of the bug causing the exact same behavior. Either way, braces would have made it more likely for the duplicated line to have been spotted. That's why it's a best practice.
quote:
I was taught to always use the brackets even for a single line because it made it easier to see what the code was doing.
You'd think a company as large as Apple (that constantly crows about its superiority) would hire competent folks who write acceptable code. The source code was a mess, and wouldn't have been accepted by me as a QA tester. And I never had formal programming training.


not accidental
By superstition on 2/26/2014 7:07:21 PM , Rating: 5
quote:
In fact some are speculating that it planted the bug on purpose to assist in NSA data collection -- or was infiltrated by an NSA mole that planted the bug.

Apple's security policy is purposefully insecure.

But, of course, there are plenty of other companies working with the government to include flaws.

Microsoft doesn't have the luxury of taking the Apple approach because it's so widely used, especially in enterprise.




credit is NOT due
By alpha754293 on 2/27/2014 12:44:44 PM , Rating: 4
"Apple deserves credit for fixing it almost as quickly as it was made public"

Apple was first notified of the SSL bug by one of the "security researchers" MONTHS ago, and it's only until s*** hit the BIG fan (mass/mainstream media) that they moved quicker to get it fixed/patched up.

Considering that it's present in devices with iOS as early as 6.1.3 (based on feedback from one of my friends), but all my iOS 5 and earlier devices are fine...it would be very difficult for Apple to play this off as just a "simple mistake".




Picture Excess
By compuser2010 on 2/27/2014 3:47:30 AM , Rating: 2
Jason, I think you need to lay off the img tag. Reminds me of the days of LIFE magazine.




Merge FAIL
By AllYourBaseAreBelong2Us on 2/27/2014 5:27:33 PM , Rating: 2
That's clearly a code merge epic failure or just a soon-to-be-fired developer at Apple who neglected to check and repair code merge conflicts.




By ritualm on 2/26/2014 10:18:24 PM , Rating: 3
As we've seen over the past year since June,
quote:
what makes YOU think the NSA is interested in ANYTHING you're doing?

the NSA is interested in EVERYTHING you're doing. Even if you suspect that you're being spied on, you're not allowed to be aware of that because the government treats it as matters of national security, while simultaneously claiming they're "doing it to protect you".

You can't be seriously this naive. What we currently know about the NSA makes us uneasy. What we don't know about the NSA scares us even more.


By atechfan on 2/27/2014 7:36:48 AM , Rating: 2
quote:
Xelgions from Zorbzkp's 3rd moon


I heard that they ARE the NSA.


By carigis on 2/27/2014 9:23:41 AM , Rating: 2
my guess is the NSA has certainly exploited the bug.. wether they introduced it or not.

Also, I don't think its necessarily a "what makes YOU think the NSA is interested in ANYTHING you're doing?" situation. like the weakening encryption situation.. even if done for legitimate intelligence reasons it puts everyone at higher risk of abuse from someone else who discovers and exploits the error..


"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki