-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-013
Title: Man-in-the-Middle Attack Against Email Synchronization
Version history:
19.02.2014 Initial publication

Summary
=======

The attack consists in spoofing the SSID of a WiFi network to which devices try to connect (most devices actively advertise the SSIDs of all networks known to them). Once a device connects to such a network and tries to synchronize e-mails, a malicious server inside the spoofed network may be able to capture the email credentials. If SSL is used, such a server may try to impersonate the target email server and complete the SSL handshake, provided the device is set to accept self-signed certificates.

This type of attack, which was presented at the Black Hat conference in 2012 [1], affected some of the CERT-EU constituency. The vulnerability to this attack vector is not specific to our constituents; it is not even specific to Microsoft's ActiveSync. Other enterprise services (webmail, access to the intranet from outside the enterprise, etc.) are also potentially vulnerable to this type of attack.

Background
==========

The attack vector that has apparently been used is the creation of a rogue wireless access point to allow a man-in-the-middle attack against services which are accessed by mobile devices (phones, tablets or laptops). The attacker may have used an existing, legitimate and trusted enterprise SSID to spoof an existing wireless network. The attack could also have used self-signed certificates to impersonate the enterprise services offered to the mobile device. Depending on the type and version of the operating system on the mobile device, the user may have received a warning message prompting him/her to accept the self-signed certificate, but this is not always the case.

The attack exploits the fact that there is no end-to-end secure channel between the server and the mobile devices. This is particularly the case in BYOD situations.
Such a secure channel can only be maintained if trust can be controlled from both the server side and the client side. In order to do this, the enterprise needs to be in control (at least partly) of the client. There is no short-term "silver bullet" solution. The risk can be mitigated to various degrees by the following solutions:

- MDM (Mobile Device Management) involving end-to-end solutions taking control over the mobile devices, or at least over a partition on the mobile device that communicates with the enterprise services. The solution can cover all enterprise services.
- VPN (virtual private network) connections to all enterprise services can create a safe channel, but this will also require the installation of specific software on the client side and control over its usage.

What can you do?
================

Short term:

Prevention measures:

- Advise users not to use public wireless but rather to opt for 3G/4G communications (taking budgetary issues into account too).
- Configure SSL for ActiveSync with a certificate signed by a valid CA. This is a fast and inexpensive countermeasure which, although it cannot completely prevent the attack, can mitigate it, since some mobile clients change their behaviour once they have authenticated the server with a valid certificate [1].
- Advise users never to accept a self-signed or untrusted certificate in their email synchronization, in their browsing, or in the settings of their device.
- Provide the users with a short list of mobile devices which are least exposed to this kind of attack vector.

Mitigation of exploitation:

- Increase monitoring of access to enterprise accounts from outside the premises, by implementing alerts on anomalous usage.
- Set up an incident response process that includes access to the private devices in case of need.
- Enforce a password change policy at regular intervals and enforce strong passwords.
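As an added illustration of the "alerts on anomalous usage" item above (example code written for this page, not CERT-EU's own tooling): it scans constructed ActiveSync access-log lines in a simplified IIS W3C layout and flags external syncs from a DeviceId never seen on the internal network, as well as one external address authenticating as several accounts. The log format, the field order and the 10.20.0.0/16 internal range are assumptions.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample lines in a simplified IIS W3C layout (assumed, not from the advisory):
# date time c-ip cs-username cs-uri-stem cs-uri-query
SAMPLE_LOG = """\
2014-02-18 08:01:12 10.20.0.15 alice /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=ABC123&DeviceType=iPhone
2014-02-18 08:05:44 10.20.0.15 alice /Microsoft-Server-ActiveSync Cmd=Ping&DeviceId=ABC123&DeviceType=iPhone
2014-02-18 12:30:01 203.0.113.7 alice /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=ABC123&DeviceType=iPhone
2014-02-18 12:31:09 198.51.100.9 alice /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=ZZZ999&DeviceType=Android
2014-02-18 12:32:50 198.51.100.9 bob /Microsoft-Server-ActiveSync Cmd=Sync&DeviceId=QQQ111&DeviceType=Android
"""

# Assumed enterprise address space; anything outside it counts as "outside the premises".
ENTERPRISE_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def parse_line(line):
    """Split one log line into (client_ip, user, device_id); None for non-ActiveSync lines."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "/Microsoft-Server-ActiveSync":
        return None
    query = parse_qs(parts[5])
    return ipaddress.ip_address(parts[2]), parts[3], query.get("DeviceId", ["?"])[0]

def is_internal(ip, nets=ENTERPRISE_NETS):
    return any(ip in net for net in nets)

def find_anomalies(log_text, nets=ENTERPRISE_NETS):
    """Alert on external access by a (user, DeviceId) pair never seen internally,
    and on one external IP authenticating as several accounts (credential reuse)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    known = {(user, dev) for ip, user, dev in records if is_internal(ip, nets)}
    alerts, users_per_ext_ip = [], defaultdict(set)
    for ip, user, dev in records:
        if is_internal(ip, nets):
            continue
        if (user, dev) not in known:
            alerts.append(f"unknown-device: {user} DeviceId={dev} from {ip}")
        users_per_ext_ip[ip].add(user)
    for ip, users in users_per_ext_ip.items():
        if len(users) > 1:
            alerts.append(f"shared-external-ip: {ip} used by {sorted(users)}")
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(alert)
```

A device that synced on the enterprise network earlier (alice's ABC123) roaming to an external address raises nothing; only new devices from outside and one address cycling through several accounts are reported.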
Mid-term, consider some of these options:

- Assess the VPN solution and implement it if appropriate.
- Assess and implement an MDM solution which takes into account security, usability and risk assessment with respect to intrusions.

More information
================

[1] Black Hat Conference: https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_WP.pdf
    Slides: https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_Slides.pdf
    Proof-of-Concept: https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_Code.zip
    Video: https://media.blackhat.com/us-12/video/us-12-Hannay-Exchanging-Demands.mp4

http://www.cpni.gov.uk/advice/cyber/mobile-devices/
http://technet.microsoft.com/en-us/magazine/hh316170.aspx
https://cio.gov/wp-content/uploads/downloads/2013/05/Mobile-Security-Reference-Architecture.pdf
http://technet.microsoft.com/en-us/library/bb430761%28v=exchg.141%29.aspx

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)