-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-013


Title: Man-in-the-Middle Attack Against Email Synchronization


Version history:

19.02.2014 Initial publication


Summary
=======

The attack consists of spoofing the SSID of a WiFi network to which
devices try to connect (most devices actively advertise the SSIDs of all
networks known to them). Once a device connects to such a network and
tries to synchronize e-mail, a malicious server inside the spoofed
network may be able to capture the e-mail credentials. If SSL is used,
such a server may try to impersonate the target e-mail server and
complete the SSL handshake, which succeeds if the device is set to accept
self-signed certificates.

This type of attack, which was presented at the Black Hat conference in
2012 [1], affected some of CERT-EU's constituents. Vulnerability to this
attack vector is not specific to our constituents; it is not even
specific to Microsoft's ActiveSync. Other enterprise services (webmail,
access to the intranet from outside the enterprise, etc.) are also
potentially vulnerable to this type of attack.


Background
==========

The attack vector that has apparently been used is the creation of a
rogue wireless access point to enable a man-in-the-middle attack against
services accessed by mobile devices (phones, tablets or laptops). The
attacker may have used an existing, legitimate and trusted enterprise
SSID to spoof an existing wireless network. The attack could also have
used self-signed certificates to impersonate the enterprise services
offered to the mobile device.

Depending on the type and version of the operating system on the mobile
device, the user may have received a warning message prompting him/her to
accept the self-signed certificate, but this is not always the case.

The attack exploits the fact that there is no end-to-end secure channel
between the server and the mobile devices. This is particularly the case
in BYOD situations. Such a secure channel can only be maintained if trust
can be controlled from both the server side and the client side. To do
this the enterprise needs to be in control (at least partly) of the
client.

There is no short-term "silver bullet" solution. The risk can be
mitigated to various degrees by the following solutions:

- - MDM (Mobile Device Management), involving end-to-end solutions that
take control over the mobile devices, or at least over a partition on the
mobile device that communicates with the enterprise services. This
solution can cover all enterprise services.

- - VPN (virtual private network) connections to all enterprise services
can create a safe channel, but this also entails the installation of
specific software on the client side and control over its usage.


What can you do?
================

Short term:

Prevention measures:

- - Advise users not to use public wireless networks but rather to opt for
3G/4G communications (taking budgetary issues into account too).
- - Configure SSL for ActiveSync with a certificate signed by a valid CA.
This is a fast and inexpensive countermeasure which, although it cannot
completely prevent the attack, mitigates it, since some mobile clients
change their behaviour once they have authenticated the server with a
valid certificate [1].
- - Advise users never to accept a self-signed or untrusted certificate in
their e-mail synchronization, in their browser or in the settings of
their device.
- - Provide the users with a short list of mobile devices which are least
exposed to this kind of attack vector.
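The CA-signed certificate measure above is only effective if the client actually
validates the chain and the host name. The following script, an added example
and not a CERT-EU or Microsoft tool, probes an endpoint the way a correctly
configured ActiveSync client should, and when validation fails reports the
OpenSSL verify result so an administrator can tell a self-signed certificate
from a missing intermediate or a name mismatch. The host name
"mail.example.org" is a placeholder; the verify-code table covers the
X509_V_ERR codes that Python exposes on SSLCertVerificationError.

```python
"""Probe an ActiveSync (or any HTTPS) endpoint with the validation settings
a hardened client must use, and explain why validation failed if it did.

Added example for CERT-EU Security Advisory 2014-013; not CERT-EU tooling.
"""
import socket
import ssl

ACTIVESYNC_HOST = "mail.example.org"   # placeholder: your ActiveSync endpoint
ACTIVESYNC_PORT = 443

# OpenSSL X509_V_ERR_* result codes most relevant to this advisory
# (exposed by Python as SSLCertVerificationError.verify_code).
VERIFY_CODE_MEANING = {
    18: "leaf certificate is self-signed",                     # DEPTH_ZERO_SELF_SIGNED_CERT
    19: "chain ends in a self-signed CA that is not trusted",  # SELF_SIGNED_CERT_IN_CHAIN
    20: "issuer certificate not present in the trust store",   # UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    62: "certificate name does not match the host contacted",  # HOSTNAME_MISMATCH
}


def hardened_context() -> ssl.SSLContext:
    """Client settings that resist the impersonation described in the advisory:
    the chain must validate against the platform CA store and the name must match."""
    ctx = ssl.create_default_context()   # loads the platform CA store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def classify(verify_code: int) -> str:
    """Map an OpenSSL verify result code to a short administrator-facing reason."""
    return VERIFY_CODE_MEANING.get(verify_code, f"unrecognised verify code {verify_code}")


def probe(host: str = ACTIVESYNC_HOST, port: int = ACTIVESYNC_PORT, timeout: float = 5.0) -> dict:
    """Connect like a hardened client. 'trusted' is True only when both the
    chain and the host name validated; otherwise 'reason' says what failed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with hardened_context().wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()   # dict is populated only after validation
        # getpeercert() returns the issuer as nested tuples of (type, value) pairs
        issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
        return {"trusted": True, "issuer": issuer, "reason": None}
    except ssl.SSLCertVerificationError as exc:
        return {"trusted": False, "issuer": None,
                "reason": f"{classify(exc.verify_code)} ({exc.verify_message})"}
    except (OSError, ssl.SSLError) as exc:
        return {"trusted": False, "issuer": None, "reason": f"connection failed: {exc}"}


if __name__ == "__main__":
    import json
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else ACTIVESYNC_HOST
    print(json.dumps(probe(target), indent=2))
```

Run it against your own endpoint (`python probe.py mail.example.org`); a report
with `"trusted": false` and reason code 18 or 19 means devices that accept the
certificate are doing so without any CA check, which is exactly the behaviour a
rogue access point relies on.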

Mitigation of exploitation:

- - Increase monitoring of access to enterprise accounts from outside the
premises by implementing alerts on anomalous usage.
- - Set up an incident response process that includes access to the
private devices in case of need.
- - Enforce a password change policy at regular intervals and enforce
strong passwords.
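One concrete form of the "alerts on anomalous usage" measure is to watch for an
account synchronizing from several distinct external addresses within a short
window, which is what captured credentials being replayed from elsewhere looks
like in the access log. The script below is an added example, not a CERT-EU
tool; the log format (a trimmed IIS W3C-style line: date, time, client IP,
user, URI, status), the internal address ranges and every log entry are
constructed for illustration.

```python
"""Flag enterprise accounts that synchronize e-mail from an unusual number
of distinct external source addresses within a short window.

Added example for CERT-EU Security Advisory 2014-013; not CERT-EU tooling.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Address ranges the enterprise owns (placeholders); anything else counts as
# "outside the premises".
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.0.2.0/24")]

WINDOW = timedelta(hours=1)
MAX_EXTERNAL_SOURCES = 2   # distinct external IPs per account per window before alerting

# Constructed sample log lines (not real traffic): date time client-ip user uri status
SAMPLE_LOG = """\
2014-02-18 08:01:12 10.1.4.22 alice /Microsoft-Server-ActiveSync 200
2014-02-18 08:05:40 198.51.100.17 bob /Microsoft-Server-ActiveSync 200
2014-02-18 08:07:03 198.51.100.17 alice /Microsoft-Server-ActiveSync 200
2014-02-18 08:09:55 203.0.113.5 alice /Microsoft-Server-ActiveSync 200
2014-02-18 08:12:30 203.0.113.77 alice /Microsoft-Server-ActiveSync 401
2014-02-18 09:45:00 203.0.113.5 bob /Microsoft-Server-ActiveSync 200
"""


def is_external(ip: ipaddress.IPv4Address) -> bool:
    """True when the address is not inside any enterprise-owned range."""
    return not any(ip in net for net in INTERNAL_NETWORKS)


def parse(log_text: str) -> list:
    """Parse the constructed line format into events, keeping ActiveSync hits only."""
    events = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        date, time, c_ip, user, uri, status = line.split()
        if "ActiveSync" not in uri:
            continue
        events.append({"ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
                       "ip": ipaddress.ip_address(c_ip), "user": user, "status": int(status)})
    return events


def detect(log_text: str, window: timedelta = WINDOW,
           max_sources: int = MAX_EXTERNAL_SOURCES) -> list:
    """Return one alert per account whose external source addresses within any
    sliding window exceed max_sources. Internal traffic is ignored entirely."""
    by_user = defaultdict(list)
    for ev in parse(log_text):
        if is_external(ev["ip"]):
            by_user[ev["user"]].append(ev)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            # every earlier external event that still falls inside the window
            recent = [e for e in events[: i + 1] if ev["ts"] - e["ts"] <= window]
            sources = {str(e["ip"]) for e in recent}
            if len(sources) > max_sources:
                alerts.append({"user": user, "at": ev["ts"].isoformat(),
                               "distinct_sources": len(sources), "sources": sorted(sources)})
                break   # one alert per account is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, alice is reported (three external sources between
08:07 and 08:12) while bob is not (two sources, but more than an hour apart),
which is the intended distinction between a user who moved networks and
credentials apparently in use from several places at once. Tune WINDOW and
MAX_EXTERNAL_SOURCES to your own traffic before enabling the alert.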

Mid-term, consider some of these options:

- - Assess the VPN solution and implement it if appropriate.
- - Assess and implement an MDM solution which takes into account
security, usability and risk assessment with respect to intrusions.


More information
================

[1] Black Hat Conference 2012, Hannay, "Exchanging Demands":
White paper:
https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_WP.pdf
Slides:
https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_Slides.pdf
Proof-of-Concept:
https://media.blackhat.com/bh-us-12/Briefings/Hannay/BH_US_12_Hannay_Exchanging_Demands_Code.zip
Video:
https://media.blackhat.com/us-12/video/us-12-Hannay-Exchanging-Demands.mp4

http://www.cpni.gov.uk/advice/cyber/mobile-devices/
http://technet.microsoft.com/en-us/magazine/hh316170.aspx
https://cio.gov/wp-content/uploads/downloads/2013/05/Mobile-Security-Reference-Architecture.pdf
http://technet.microsoft.com/en-us/library/bb430761%28v=exchg.141%29.aspx


Best regards,


CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----