
We continue the theme of mobile banking security. As many readers have probably guessed already, this article focuses on the man-in-the-middle attack, MitM. The choice is not accidental: if the data channel between a mobile banking application and its server is under an attacker's control, the attacker can steal money from the client's account, i.e. cause direct financial damage. But first things first.
Broadly, two things motivated this research. First, from project to project we keep seeing the same sad picture of vulnerabilities: during audits we regularly come across yet another customer-facing mobile banking (MB) application that is riddled with holes. Second, two very interesting papers were published: "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software" and "Rethinking SSL Development in an Appified World". But first things first.
Man-in-the-middle
The main scenarios for mounting a MitM attack:
- The user connects to a rogue Wi-Fi access point. This is the most common and most practical MitM scenario: it is easily reproduced in cafes, shopping malls and business centres, and the software for it is freely available.
- Connection to a rogue operator base station. Thanks to the wide choice of hardware and software and their low cost, this scheme is becoming accessible to a broad audience. This is a situation that needs to be brought under control as quickly as possible.
- Use of compromised network equipment. "Compromise" here means not only running malicious code on the device but also, for example, a targeted malicious reconfiguration through a vulnerability. Many examples of such attacks are already known.
It is worth saying that these are only a few of the many possible scenarios. What the attacker needs is for the victim's network traffic to the server to pass through a host the attacker controls.
Malicious SOHO routers
An excellent find and write-up by the Team Cymru team: they discovered malware that breaks into routers on internal networks and changes their DNS settings to the attacker's own. What does this mean? Not only the machines behind those routers, but every mobile device attached to them over Wi-Fi, is now being redirected to sites controlled by the attacker. And there you have a full-blown MitM.
Some details of how mobile devices handle Wi-Fi networks:
- They connect automatically to known networks (based on the PNL, the preferred network list)
o This cannot be disabled or configured in a simple way on every platform
- A network's identity is determined by its SSID (network name) and its security settings
- When several known networks are available, each OS picks one according to its own rules
An attacker can therefore deploy a Wi-Fi network that is identical to one the mobile device already knows. The device will connect to that access point automatically and work through it; the KARMA tool, for example, does exactly this. Such a scheme, combined with the lack of simple management of trusted networks, makes a MitM easier for the attacker.
Channel protection
Before going further, let's look at what exactly can go wrong here.
A secure channel means a channel that uses encryption and integrity control to protect the data being transferred. Don't forget, however, that not every cipher is strong, and encryption is not always used correctly.
Channels can be divided into three main groups:
- Open
The attacker, being on the same network as the victim, can see all client-server interaction in the clear.
- Protected in a non-standard way
As our practice shows, this is not the best solution: it leads to many mistakes, and those lead to compromise of the transmitted data.
- Protected in a standard way
The most common option is SSL/TLS.

Certificate validation process
For this scheme to work, a device holds a set of root certificates (CAs) in a special trusted root store, and everything signed by them is trusted by the device.
Certificates fall into two classes:
• system: preinstalled in the OS
• custom: installed by the user
Validation walks the chain from the certificate presented to the device up to a root (CA) the device trusts. Then come further checks such as hostname and revocation. Depending on the implementation (library, OS, etc.) these additional checks may differ, and that is something to play with when attacking an application.
SSL and Android
Up to version 4.0, Android kept all certificates in a single file, a Bouncy Castle keystore:
File: /system/etc/security/cacerts.bks
It could not be changed without root, and the OS offered no way to modify it; changing certificates (adding, revoking) required an OS update.
Starting with Android 4.0 the handling of certificates changed: every certificate is now stored in a separate file, and a certificate can be removed from the trusted set when needed.
System store: /system/etc/security/cacerts
Custom store: /data/misc/keychain/cacerts-added
To view certificates on Android, go to Settings -> Security -> Trusted certificates (Settings -> Security -> Trusted credentials).
Number of system certificates in different Android versions:
- Android 4.0.3: 134
- Android 4.2.2: 140
- Android 4.4.2: 150
The count may differ between manufacturers and device models.
To install a user certificate on Android, the root certificate has to be copied to the SD card and installed via Settings -> Security -> Install from storage, or, from version 4.4, pushed through MDM (DevicePolicyManager). Forcing a certificate onto a user by social engineering is possible, but not that simple.
SSL and iOS
On iOS the built-in certificates cannot be viewed on the device; the list is available only on Apple's website. User certificates are shown under Settings -> General -> Profiles.
System store: /System/Library/Frameworks/Security.framework/certsTable.data
Custom store: /private/var/Keychains/TrustStore.sqlite3
Number of system certificates in different iOS versions (the count can change with updates):
- iOS 5: 183
- iOS 6: 183
- iOS 7: 211
iOS offers several ways to install a user certificate:
- through the Safari browser: it is enough to open a link to a certificate with the .pem extension or to a configuration profile with the .profile extension
- by attaching the certificate to an e-mail
- through the MDM API
So installing a user certificate through social engineering is far easier on iOS than on Android.
Possible vectors for installing a certificate through social engineering:
1) The user does everything himself out of ignorance, for example when free Internet at a given access point is promised after a particular certificate is installed ;)
2) Buying a second-hand phone with a malicious certificate already installed
3) If the phone happens to be in the attacker's hands (say, he asked to make a call), a certificate can be put on an iOS device in a few seconds
4) Network equipment with "good" certificates: here the NSA and all that. While browsing the system certificates we noticed Japanese and US government certificates. In other words, they could run a MitM and sign certificates themselves, and the device would not bat an eyelid (no backdoor in the cryptography required). Ours are not there =)
Vulns, bugs and errors...
This section looks at the problems that occur in the interaction between a client application (here, a mobile banking application) and its server.
All examples given here are real; the information was gathered during security audits of mobile banking applications.
- No HTTPS (SSL) at all
Surprising as it may be, a year ago we came across a mobile banking application in which all communication, including financial transactions, went over plain HTTP: authentication, transferred data, everything in the clear. To profit from this, an attacker needs only to be on the same network as the victim and to have minimal skills. For a successful attack it was enough to change the destination account number and, if desired, the amount.
As for the application's interaction with third-party services, the situation is a little better than last year, but as before most of them request additional information about operations over an open channel that an attacker can easily tamper with. As a rule this information concerns:
• bank news
• ATM locations
• exchange rates
• social networks
• developer analytics
• advertising
In the best case the attacker can feed the victim false information; in the worst case he can inject his own code to be executed on the victim's device, which later helps to steal credentials or money. The reason is that Android can download code from the Internet and execute it, and under certain conditions an attacker can inject such code into an open channel. Or, in another situation, when a developer sends crash dumps over an open channel, the attacker can find interesting details in them, including MB usernames and passwords.
- Home-grown encryption
Yes, we met this option both in practice and during this research. We don't understand why it is used; our guess is that it is tied to established internal processes at the bank. At the same time, the developers additionally wrapped that traffic in SSL.
As our practice shows, using your own encryption is a bad idea. Often it is not even encryption, just a proprietary binary protocol that only looks encrypted at first glance. After a little manual analysis, a MitM becomes possible.
- Incorrect use of SSL
The most common class of errors is misuse of SSL. In most cases it comes down to the following reasons.
• No test infrastructure on the customer's side
For one reason or another the customer may fail to provide a proper test infrastructure, which forces the developers into all sorts of tricks to verify that the application works correctly.
• Developer carelessness
Partly related to the previous item: the development process uses various debug code to speed up testing, and before release that code gets forgotten.
• Use of vulnerable frameworks
Developers often use frameworks to simplify their work. In other words, they use someone else's code whose low-level parts are frequently hidden and inaccessible. That code may contain vulnerabilities the developer does not even suspect. This is especially true given the active cross-platform development for mobile devices. Examples: Appcelerator Titanium, or the Heartbleed vulnerability in OpenSSL (CVE-2014-0160), where the exploit can also be used to attack clients.
• Developer mistakes
A developer can use different libraries to work with SSL, and each has its own peculiarities that must be taken into account. Moving from one library to another, the developer may use constants incorrectly during initialisation or redefine functions in his own way.
Main errors when using SSL:
- disabling checks (debug API)
- incorrect redefinition of standard handlers
- incorrect configuration of API calls
- weak cipher settings
- using a vulnerable library version
- incorrect handling of call results
- no hostname verification, or an invalid regular expression used to verify it
The unconditional classic: disabling certificate validation.

The unconditional classic: disabling certificate hostname verification.
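Both classics in one place, as an added Android (Java) example rather than code from the article or from any audited application; class names and the test-CA handling are assumptions. The first half is the TrustAll* pattern that audits keep turning up (a trust manager and a hostname verifier that accept everything, installed as process-wide defaults). The second half is what the application should do when a private test CA is genuinely needed: keep the platform validator and the default hostname verifier, and change only the set of trusted roots.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class SslClassics {

    // --- VULNERABLE: the "TrustAll" / "NonValidating" pattern left over from debugging ---
    // Any certificate chain is accepted, so a MitM with a self-signed certificate succeeds.
    static final class TrustAllManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { /* never throws */ }
        @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { /* never throws */ }
        @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Any hostname is accepted, so a valid CA-signed certificate for attacker.example
    // is accepted for bank.example (the second test case in the analysis below).
    static final HostnameVerifier ALLOW_ALL = new HostnameVerifier() {
        @Override public boolean verify(String hostname, SSLSession session) { return true; }
    };

    /** Installs both classics process-wide. This is the code that must not reach a release. */
    static void installVulnerableDefaults() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new TrustAllManager() }, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(ALLOW_ALL);
    }

    // --- HARDENED: keep platform validation; if a private test CA is needed, trust only that CA ---
    /**
     * Builds an SSLContext whose trust store contains exactly one CA (e.g. the customer's
     * test CA) read as PEM or DER from caStream. Chain validation (signatures, validity
     * period, basic constraints) still runs; only the set of roots changes. Hostname
     * verification is left to HttpsURLConnection's default verifier, which is not replaced.
     */
    static SSLContext contextTrustingOnly(InputStream caStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca = cf.generateCertificate(caStream);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                 // empty in-memory store
        ks.setCertificateEntry("test-ca", ca);

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                        // platform validator, custom root set

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), new SecureRandom());
        return ctx;
    }

    /** Applies the hardened context to a single connection instead of the process-wide default. */
    static HttpsURLConnection open(java.net.URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // conn.setHostnameVerifier(...) is deliberately not called: the default verifier stays active
        return conn;
    }
}
```

The hardened variant is also what a reviewer should look for: a dedicated KeyStore with the test root, scoped to the connections that need it, and no override of the hostname verifier. A `grep` for `setDefaultHostnameVerifier`, `ALLOW_ALL_HOSTNAME_VERIFIER` and empty `checkServerTrusted` bodies finds most of the Fake*/TrustAll* leftovers mentioned later in the results.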

Root certificate compromise
When SSL is used, we depend on root certificates. The possibility of their compromise cannot be ruled out: recall the recent incidents with Bit9, DigiNotar and Comodo. And don't forget the certificates of companies whose traffic is, let's say, open to other states.
As shown above, a device carries a large number of CA certificates, and compromising any one of them compromises almost all SSL traffic on the device.
When a CA certificate is compromised:
1) The user can remove the certificate from the trusted set
a. On Android the user can do this for both built-in and user certificates
b. On iOS the user can remove only user certificates
2) The OS vendor can release an update
3) The certificate issuer can revoke the certificate, and the validation engine can check this dynamically
a. Android supports neither CRL nor OCSP
b. iOS uses OCSP
It is hard to expect users to manage root certificates themselves, so the only way is to wait for an OS update. OCSP is not implemented everywhere. Between the compromise and the update, users are vulnerable.
CA certificates come in different kinds, or more precisely serve different purposes (e-mail encryption, code signing and so on), but they are usually kept in the same trust store and can be used to verify an HTTPS connection. Unfortunately, correct validation of a certificate's intended purpose is not always implemented. An attacker can thus obtain a perfectly legitimate certificate from an issuer for one purpose and use it to set up an HTTPS connection during a MitM attack.
Moreover, a user working in a browser may notice a dubious certificate thanks to the red padlock icon in the address bar. In the same situation inside an application the user will not be notified unless the developer anticipated this in advance, so the attack stays hidden.
SSL pinning
The SSL pinning approach protects against compromised system root certificates and specially planted user certificates.
Pinning is the process of associating a host with an expected X.509 certificate or public key. The idea is to build the certificate or public key that the application trusts into the application itself and, when talking to the server directly, refuse to rely on the built-in certificate store. As a result, when working with the server the application checks certificate validity only against the cryptographic material embedded in it.
MB applications are ideal candidates for SSL pinning: the developer knows exactly which servers the application connects to, and the list of such servers is short.
There are two main types of SSL pinning:
- certificate pinning:
o easy to implement
o low flexibility
- public key pinning:
o implementation problems on some platforms
o better flexibility
Each approach has its pros and cons.
An advantage of pinning is that the following become usable:
1) self-signed certificates
2) certificates issued by a private CA
To implement SSL pinning you have to override several standard functions and write your own handlers. Note that if you use WebView on Android or UIWebView on iOS, SSL pinning does not work because of the specifics of those components.

SSL pinning engine
App1 checks certificate validity using only the certificate or public key built into it.
App2 checks certificate validity by going to the system certificate store and checking every certificate in turn.
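Public-key pinning layered on top of platform validation, as an added Android (Java) example that is not from the article or from the OWASP samples it mentions; it corresponds to the App1 model above and to the handler-override approach described under SSL pinning. The pin values, host and class names are placeholders. It uses android.net.http.X509TrustManagerExtensions (available from API 17) so that pins are matched against the chain the platform actually validated rather than the raw list of certificates the server sent.

```java
import android.net.http.X509TrustManagerExtensions;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Public-key pinning on top of, not instead of, platform chain validation (Android API 17+). */
public final class PinnedTrustManager implements X509TrustManager {

    // Pins: SHA-256 over the DER SubjectPublicKeyInfo, hex-encoded. PLACEHOLDER values; compute
    // real ones with: openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256
    // Pin the leaf AND a backup (intermediate or spare key) so a key rotation does not brick the app.
    static final Set<String> PINS = new HashSet<>(Arrays.asList(
        "0000000000000000000000000000000000000000000000000000000000000000",  // bank.example leaf (placeholder)
        "1111111111111111111111111111111111111111111111111111111111111111"   // backup key (placeholder)
    ));

    private final X509TrustManager platform;             // system store, normal chain validation
    private final X509TrustManagerExtensions extensions; // returns the *validated* chain
    private final String host;

    PinnedTrustManager(String host) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                       // null = platform trust store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.platform = found;
        this.extensions = new X509TrustManagerExtensions(found);
        this.host = host;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // 1. Standard validation first (signatures, expiry, basic constraints, trusted roots).
        //    The three-argument call returns the chain actually built to a trusted root, not the raw
        //    array the server sent, so an attacker cannot append the genuine bank certificate as an
        //    unused extra element just to satisfy the pin check below.
        List<X509Certificate> validated = extensions.checkServerTrusted(chain, authType, host);

        // 2. Pin check: at least one public key in the validated chain must match a pin.
        for (X509Certificate cert : validated) {
            if (PINS.contains(spkiSha256Hex(cert))) return;
        }
        throw new CertificateException("pin mismatch for " + host + ": no pinned public key in validated chain");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        platform.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }

    /** SHA-256 of the certificate's SubjectPublicKeyInfo (DER), as lowercase hex. Key-type agnostic. */
    static String spkiSha256Hex(X509Certificate cert) throws CertificateException {
        try {
            byte[] spki = cert.getPublicKey().getEncoded();   // "X.509" format = DER SubjectPublicKeyInfo
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            StringBuilder sb = new StringBuilder(64);
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    /** Wires the pinned manager into one HttpsURLConnection; the default hostname verifier stays on. */
    static HttpsURLConnection openPinned(java.net.URL url) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedTrustManager(url.getHost()) }, null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

Two design points worth keeping in mind. Pinning the public key rather than the whole certificate lets the bank renew the certificate without an app update as long as the key is kept, which is the "better flexibility" noted above; and because the platform check still runs first, a pinned app that is hit with the self-signed or wrong-hostname certificates from the analysis below fails on the standard validation before the pins are even consulted. This is also the behaviour a jailbreak-based bypass tool has to patch out, which is why the bypass section treats pinning as a speed bump for researchers rather than a guarantee.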
SSL pinning today
The technique first became widely known in Chrome 13, for Google's own services; then came Twitter, Cards.io and others.
All mobile application stores (Google Play, App Store, Windows Phone Market) already use this approach when talking to devices.
Code for implementing SSL pinning for Android, iOS and .NET is available on the OWASP website. Since Android 4.2, SSL pinning is supported at the system level.
SSL pinning bypass
With a jailbreak or root access on the mobile device, SSL pinning can be bypassed or disabled. As a rule this is needed only by researchers to analyse network traffic. For Android there is Android SSL Bypass; for iOS, iOS SSL Kill Switch and TrustMe.
In theory, malware could use the same approach.
Like any other code, an SSL pinning check may be implemented incorrectly, and that should be kept in mind as well.
Analysis
Enough theory, on to practice and results!
Two devices were used in this study: an iPhone with iOS 7 and an Android device with 4.0.3.
Tools used: Burp, sslsplit, iptables, openssl. That is the whole simple set. As you might guess, dynamic analysis was used: we simply tried to authenticate to the bank through the application. It is amusing that all the applications are free in the stores (Google Play and App Store), and for all banks (with a few exceptions) no registered account is needed! So anyone with a bit of knowledge and steady hands can repeat this experiment.
We tested two things:
1) How effective is SSL certificate validation on the client side?
- using a self-signed certificate;
- using a certificate issued by a trusted CA for a different hostname.
2) Does SSL pinning work?
- our own CA certificate was used for this test.
We ran an active MitM attack: the victim was forced to reach the Internet through a controlled gateway that manipulated certificates.
To test the self-signed case we generated our own certificate.
To check for SSL pinning and for correct hostname verification we generated our own root certificate and installed it on the mobile devices.
The results are as follows.
6% of iOS applications and 11% of Android applications use their own protocol, and the security of that interaction requires detailed manual analysis. From a visual look at the traffic we can say it contains both clear, readable data and compressed/encrypted data. Judging by our own practice and worldwide experience, these applications are very likely vulnerable to MitM attacks.
14% of iOS applications and 15% of Android applications are vulnerable to a self-signed certificate. Stealing money through these applications is a matter of time.
14% of iOS applications and 23% of Android applications are vulnerable to a CA-signed certificate for a different hostname. Note also that hostname verification can fail in many different ways; since our check used only one name, these figures should be treated as a lower bound on the number of vulnerable applications.
Note that only one bank had vulnerable applications on both iOS and Android at the same time.
SSL pinning is very rare: 1% of iOS applications and 8% of Android applications. Since an application may have failed our check for reasons unrelated to SSL, the share actually using this mechanism is even lower. We did not attempt to bypass this protection or analyse the correctness of its implementation.
As our experience in mobile application security analysis shows, in most cases the code that disables certificate validation is there, in functions named in the spirit of Fake*, NonValidating*, TrustAll*. Developers use this code for testing. Through carelessness it can end up in the final release. As a result the certificate validation vulnerability "floats" from version to version: it appears in one version and disappears in the next. In the end the security of this code depends on how well the developer has organised the process.
Conclusion
Incorrect use of SSL was only one of the vulnerabilities that lead to theft of money from bank customers' accounts. Other vulnerabilities (sometimes less critical ones) and chains of them can also lead to financial loss. At the same time, not everything is fine on the server side either (the core banking system, ABS, shows itself in a bad light from time to time), but that is an entirely different story.
P.S. It is worth noting that similar vulnerabilities have been found by the author while taking part in various BugBounty programs ;)
P.P.S. Thanks to Egor Karbutov, Ivan Chalykin and Nikita Kelesis for helping analyse the huge number of applications!