1. Richard Buckley's Avatar
    You are really right, ofutur ! Thank you !

    And one more time we have to wait that TLS 1.2 is integrated
    and all unsecure/dated protocols would be removed. ( Or left at the end of the row )
    I really hope BlackBerry would do this IN TIME, NOW ! With the next Official OS Update or whatever.

    I was wondering about that old TLS a long time, but many BlackBerry "Lovers" here are very disappointed if one awakes them of their "Super transparent HiSec Dream".
    If you have any credible indication that SSL/TLS as implemented on BB10 is not secure I would very much like to read it.

    This thread is full of blanket statements about vulnerability based on versions that straight up ignore possible mitigation that has been implemented by BlackBerry.

    Posted via CB10
    09-28-14 06:41 PM
  2. Old_Mil's Avatar
    So after wading through this 9 page thread, here are my conclusions as a lay person...feel free to correct any misconceptions I may have.

    1. The most secure browsing platform i have is Abrowser on the Trisquel/BSD 6 LTS release i am running on my desktop. I should do all my online shopping, online banking, and online trading on this.

    2. The least secure browsing platform I have is the blackberry playbook which offers no OpenVPN, no TLS beyond 1.0, no certificate revocation checking.

    3. Our Z10 and ipad2 running iOS 8 fall somewhere in between offering no certificate revocation checking but do offer TLS 1.2 compatibility.

    4. I should just cancel my data plans and put our sims back in motorola krazrs.

    I am kidding about that last one. Kind of.
    09-28-14 10:27 PM
  3. Old_Mil's Avatar
    Little more digging around: I tested the PlayBook native browser, origami, dolphin, and maxthon as well as the Z10's native browser and evolution on the revoked.grc.com website. All loaded the page (which is to say that they failed the test).

    Opera mobile (android version running on the z10) actually correctly rejected the website and would not load it. This is the only mobile browser that I found in my short testing tonight that passed.

    On the ipad (iOs 8) the native browser, mercury and Opera *Mini* all loaded the page and failed the test. I could not find opera mobile in the iOs app store.

    Posted via CB10
    09-28-14 11:13 PM
  4. Richard Buckley's Avatar
    Certificate revocation checking is a difficult problem for mobile devices because downloading the revocation lists consumes a lot of data. I'm surprised some Opera installations didn't catch the rejected certificate. The mobile version has the ability to request the page through their server which will compress the data, and is in a better position to check the certificate. Of course this comes with its own security and privacy issues and may be turned off in some of your installations.

    Google Chrome doesn't check revocation at all except for a small list that Google considers important. Their reasoning is that it takes too much time and is useless anyway. The real solution is OCSP Stapling : http://en.m.wikipedia.org/wiki/OCSP_stapling The server is responsible for getting a signed affidavit from the CA and including it with the response. This way the client doesn't have to fetch revocation data for the whole certificate chain.

    In order to take advantage of a revoked certificate a malicious actor has to first get the certificate and the associated private key. Then they must some how redirect browsers to the server where they have set up the certificate. This is possible through DNS attacks, but such attacks have been tried and we are better defended against them now, especially if you use a well run DNS server.

    The thing with this thread is that it is an argument about mostly theoretical but unused attack vectors. This leads to people worrying about which version of TLS their browser and server use when malicious actors are using Heart Bleed, Shellshock or a policy of not patching point of sale equipment. It's a bit like arguing that a car company A should be installing more air bags like company B when B has been selling cars with detective parts that kill people even with the extra air bags.
    Posted via CB10
    Last edited by Richard Buckley; 09-29-14 at 09:12 AM.
    09-29-14 08:56 AM
  5. jasonvan9's Avatar
    Passport running official 10.3


    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-img_20140929_120156.png

    Sent via my game changer BlackBerry Passport
    09-29-14 11:03 AM
  6. Superdupont 2_0's Avatar
    Passport running official 10.3


    Click image for larger version. 

Name:	IMG_20140929_120156.png 
Views:	774 
Size:	195.9 KB 
ID:	301519

    Sent via my game changer BlackBerry Passport
    Cool!
    Could you also check the cipher suites of your browser on ssllabs.com?

    In 2-3 weeks I'll be able to check by myself, but I'm just curious!
    09-29-14 11:17 AM
  7. Superdupont 2_0's Avatar

    In order to take advantage of a revoked certificate a malicious actor has to first get the certificate and the associated private key. Then they must some how redirect browsers to the server where they have set up the certificate. This is possible through DNS attacks, but such attacks have been tried and we are better ....
    Posted via CB10

    How about this attack:
    Setting up a rouge access point with the same SSID like your home wifi, but a stronger signal.
    Normally the smartphone should connect to the rouge network and then the attacker can try variations of MITM.

    For this scenario certificate pinning and OSCP stapling of the browsers are probably the best defense strategy, but TLS1.2 would be a nice bonus.

    ...just my 2 cents to demonstrate that the government is not the only player for MITM attacks.
    09-29-14 11:38 AM
  8. Old_Mil's Avatar
    The TLS 1.2 support is built in to 10.3, that's how howsmyssl.com looks on my Z10 as well.
    09-29-14 11:46 AM
  9. thurask's Avatar
    Cool!
    Could you also check the cipher suites of your browser on ssllabs.com?

    In 2-3 weeks I'll be able to check by myself, but I'm just curious!

    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-img_20140929_124655.png
    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-img_20140929_124713.png
    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-img_20140929_124720.png

    Posted via CB10
    09-29-14 11:48 AM
  10. Richard Buckley's Avatar
    How about this attack:
    Setting up a rouge access point with the same SSID like your home wifi, but a stronger signal.
    Normally the smartphone should connect to the rouge network and then the attacker can try variations of MITM.

    For this scenario certificate pinning and OSCP stapling of the browsers are probably the best defense strategy, but TLS1.2 would be a nice bonus.

    ...just my 2 cents to demonstrate that the government is not the only player for MITM attacks.
    Will a BlackBerry even connect to a Wi-Fi access point if the security parameters and credentials don't match the configured one? If you are using poor security on your router so that you get sucked into connecting to the rogue a MiM attack against SSL/TLS is the least of your worries. Certificate pinning would protect you, but you can't store all the certificates for all the severs and CAs. I don't think you could even do it for all the ones you visit. If the rogue site claims they don't do OCSP stapling what do you do? It would probably be equally difficulet to pre-load with all the sites that do stapling. If not now as it becomes more wide spread. But unless the browser just refuses to connect to any server that doesn't staple there will be vulnerabilites.

    But the most telling point in all of this is what the rogues are doing. If attacking SSL 3.0 or using stolen certificates is such a great risk why doesn't it happen? The most likely attack based on inappropriate certificates you are likely to see are those issued by rogues via actual CAs they have hacked. And no version of TLS is going to protect you. As Alex Manea said "mobile security is like a street fight. You don't have to be perfect, you just have to be a hard target. You are only as strong as your weakest link. You need to know who to trust."

    In this example having your Wi-Fi connection is the weakest link. Depending on the level of trust you have in that connection cryptography may not help you. Especially if establishing a secure link depends on trusing the DNS the connection provides. Ubiquitous SSL/TLS or VPNs protect you from rogues camped out on the same hotspot. Only the very best will protect you from a rogue hotspot. But nothing will protect you from a server that has been compromised because of Shellshock and installs maleware on your device (except a device which has no viable maleware). In fact the ecnryption on that site will ensure that the maleware is delivered without modification and that no one watching the connection could possibly know you've been taken over.

    Look back at all the security issues so far this year. Total up the ones that happened through the use of less that cutting edge crypto, and the ones that happened because of the use of cutting edge crypto (Heart Bleed), and the ones that happend because of poor implementation, or leaving know security vulnerabilites un-patched (Shellshock, Home Depot, Target, iCloud photos).

    We see from other posts that 10.3 supports TLS 1.2. It is only too late if BlackBerry customers have been compromised because they could not use TLS 1.2 before now. No one has yet provided any indication of that.
    09-29-14 12:22 PM
  11. anon9111501's Avatar
    I would very much like to read it.
    Eat this:

    BlackBerry Playbook – New Challenges
    by Yury Chemerkin
    This approach mainly based on examines how many differences do exist between BlackBerry OS and new BlackBerry OS based on QNX OS.

    Think more:
    - TapLogger Trojan for BlackBerry never fixed
    - DMTF signalling as possible covert channel BBOS10
    - Address book spam-attack vector
    - Remote wipe service on BBOS

    PS:
    You wanted to read, but i never ever give YOU or somebody else a
    How2Hack TLS, sometimes you couldn't find it at Wikipedia...lol.
    This is why BB does not make their SecHoles public and why we
    get many updates.
    hackin9!org
    09-29-14 02:51 PM
  12. Richard Buckley's Avatar
    Eat this:

    BlackBerry Playbook – New Challenges
    by Yury Chemerkin
    This approach mainly based on examines how many differences do exist between BlackBerry OS and new BlackBerry OS based on QNX OS.

    Think more:
    - TapLogger Trojan for BlackBerry never fixed
    - DMTF signalling as possible covert channel BBOS10
    - Address book spam-attack vector
    - Remote wipe service on BBOS

    PS:
    You wanted to read, but i never ever give YOU or somebody else a
    How2Hack TLS, sometimes you couldn't find it at Wikipedia...lol.
    This is why BB does not make their SecHoles public and why we
    get many updates.
    hackin9!org
    Yeah. Read those.
    09-29-14 04:32 PM
  13. BCITMike's Avatar
    Eat this:

    BlackBerry Playbook – New Challenges
    by Yury Chemerkin
    This approach mainly based on examines how many differences do exist between BlackBerry OS and new BlackBerry OS based on QNX OS.

    Think more:
    - TapLogger Trojan for BlackBerry never fixed
    - DMTF signalling as possible covert channel BBOS10
    - Address book spam-attack vector
    - Remote wipe service on BBOS

    PS:
    You wanted to read, but i never ever give YOU or somebody else a
    How2Hack TLS, sometimes you couldn't find it at Wikipedia...lol.
    This is why BB does not make their SecHoles public and why we
    get many updates.
    hackin9!org
    Translation anyone?
    09-29-14 04:37 PM
  14. Superdupont 2_0's Avatar
    Translation anyone?
    Gur jrrq vf fgebat va guvf bar.
    09-29-14 06:54 PM
  15. Alain_A's Avatar
    Gur jrrq vf fgebat va guvf bar.
    what type of Chinese is that?
    09-29-14 07:47 PM
  16. thurask's Avatar
    what type of Chinese is that?
    ROT13
    09-29-14 11:03 PM
  17. Richard Buckley's Avatar
    Eat this:

    BlackBerry Playbook – New Challenges
    by Yury Chemerkin
    This approach mainly based on examines how many differences do exist between BlackBerry OS and new BlackBerry OS based on QNX OS.

    Think more:
    - TapLogger Trojan for BlackBerry never fixed
    - DMTF signalling as possible covert channel BBOS10
    - Address book spam-attack vector
    - Remote wipe service on BBOS

    PS:
    You wanted to read, but i never ever give YOU or somebody else a
    How2Hack TLS, sometimes you couldn't find it at Wikipedia...lol.
    This is why BB does not make their SecHoles public and why we
    get many updates.
    hackin9!org
    Translation anyone?
    It is unfortunate that these subject lines were presented in this way because many of them are worth knowing. Not because they necessarily present a clear and present threat, but because as the mobile space evolves these issues may become more important.

    Yuri Chemerkin is a security researcher. His article titled BlackBerry Playbook – New Challenges primarily focuses on the ability, provided you can install and execute appropriate software on a desktop machine, to capture the password entered into BlackBerry desktop software. Once captured the password can then, of course, be used to access data from the device. The article is written in the context of forensic analysis of the device. Outside of that context there is a certain difficulty in applying these techniques. All of this should be stunningly obvious to anyone who has gotten this far in this thread.

    I believe TapLogger Trojan for BlackBerry is referring to TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board Motion Sensors by Zhi Xu, Kun Bai and Sencun Zhu. It is an interesting concept with a concept demonstration Android application. It was all the rage for a week or two when the paper was first published, and has more or less faded. You can read the paper and decide for yourself how immediate the threat is.

    And so forth.

    TapLogger is an interesting example of researchers doing good work, publishing a paper and the press stridently reporting on it. In some cases the stridency is justified (Heart Bleed, Shellshock). Some times it turns out that existing protections are sufficient to protect against the presented vulnerability. In the case to TapLogger the researchers, or at least the press, did not factor in the static analysis applied to applications in well curated app stores. Nor did they consider the detectability of an application that collects all the sensor data a full speed and attempts to process it. At the time the BlackBerry system monitor was fairly primitive, but in 10.2.1 such an application would stand out as a CPU and battery hog.

    Finally I find it interesting that 0x0000 has no problem giving me non SSL/TLS exploits, at least old ones, but "but i never ever give YOU or somebody else a How2Hack TLS". I suspect it is because he doesn't have any.
    09-30-14 08:06 AM
  18. anon(2729369)'s Avatar
    New SSL vulnerability
    BlackBerry needs to upgrade their OpenSSL component in BB10 and drop support for SSLv3 ASAP, just like Google is doing.

    Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback

    TL;DR

    • SSLv3 can be used by an attacker on the network (MitM) to hijack a session
    • Browsers can be forced to use SSLv3


    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-poodle_10.3.1.png

    Mitigation
    Use Firefox and disable SSLv3

    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-poodle_firefox.png
    Last edited by ofutur; 10-16-14 at 07:42 AM.
    10-16-14 06:04 AM
  19. Superdupont 2_0's Avatar
    And I thought my BlackBerry browser is safe

    The "secure" BB10 OS is not great at establishing secure connections because it uses dated protocols-poodle.png

    Two tests, two different results?
    10-16-14 09:54 AM
  20. anon(2729369)'s Avatar
    And I thought my BlackBerry browser is safe

    Click image for larger version. 

Name:	Poodle.png 
Views:	321 
Size:	108.9 KB 
ID:	306489

    Two tests, two different results?
    It could be that Qualys is just doing a simple test instead of really trying to see if the browser is vulnerable or the student isn't doing a good job at creating a universal tester.

    I'm sure Qualys will provide updates if their test is not good enough.
    10-16-14 10:06 AM
  21. BBFunGuy's Avatar
    It showed as not vulnerable for me also. Mozilla are due to remove ssl 3 this November, so ff users will be safe then too.
    10-16-14 11:51 AM
  22. anon(2729369)'s Avatar
    It showed as not vulnerable for me also. Mozilla are due to remove ssl 3 this November, so ff users will be safe then too.
    Except that his logic is flawed (I think)
    "So in short: Firefox is less likely to downgrade to SSLv3 if the server follows best practices on cipher selection, even if SSLv3 is still supported."

    The whole point is to be a bad server and force the client to downgrade.

    Proper tests
    https://www.ssllabs.com/ssltest/viewMyClient.html
    https://zmap.io/sslv3/

    And Firefox is not vulnerable if you disable SSLv3, same for Chrome.

    The list on zmap is interesting. It's showing how some bad apples such as Citibank are holding back web browsers from removing dating protocols.
    10-16-14 02:08 PM
  23. Superdupont 2_0's Avatar
    For those who want to disable the SSL 3.0 protocol globally in their Windows systems (not only in IE)


    https://technet.microsoft.com/en-us/...y/3009008.aspx


    Quote:

    Disable SSL 3.0 in Windows

    You can disable support for the SSL 3.0 protocol on Windows by following these steps:
    Click Start, click Run, type regedt32 or type regedit, and then click OK.
    In Registry Editor, locate the following registry key:

    HKey_Local_Machine\System\CurrentControlSet\Contro l\SecurityProviders \SCHANNEL\Protocols\SSL 3.0\Server

    Note If the complete registry key path does not exist, you can create it by expanding the available keys and using the New -> Key option from the Edit menu.
    On the Edit menu, click Add Value.
    In the Data Type list, click DWORD.
    In the Value Name box, type Enabled, and then click OK.

    Note If this value is present, double-click the value to edit its current value.
    Type 00000000 in Binary Editor to set the value of the new key equal to "0".
    Click OK. Restart the computer.


    Since I am no server admin and administrate only my pc (“client”), I am disappointed that there is no manual for users.
    But luckily the same procedure worked on a windows pc.
    On my pc I found only a “SSL 2.0”-key in the “Protocols”, but here you see how one can add a “SSL 3.0”-key with a few clicks. However, after creating the “Client” under “SSL 3.0”, I followed the Microsoft advisory again and named the DWORD (32-bit) value “Enabled” (do not name it “DisabledByDefault” as digicert is suggesting!), the value was already “0” by default. Since I am no server admin, I did not create a server key and just restarted my computer.



    Is there guide about how to disable SSL3 globally in Linux distributions?
    Last edited by Superdupont 2_0; 10-17-14 at 07:18 AM.
    10-17-14 07:07 AM
  24. anon(2729369)'s Avatar
    Is there guide about how to disable SSL3 globally in Linux distributions?
    It's complicated...
    You can recompile OpenSSL yourself and disable SSLv3, but then some apps will stop working because they don't check if SSLv3 has been compiled or not.
    The best thing to do is wait for the distros to sort it out for you.

    In the meantime, you can configure your web servers to not use it. afaik, only HTTP is affected, for now.
    10-17-14 07:27 AM
  25. anon9111501's Avatar
    ... the Poodle for Example

    https://www.openssl.org/~bodo/ssl-poodle.pdf

    The References at the End of this PDF are known as intresting.
    10-17-14 01:20 PM
227 ... 78910

Similar Threads

  1. Not Taking a Step Back
    By JAS0NB0URNE in forum BlackBerry Classic
    Replies: 11
    Last Post: 02-28-14, 02:05 PM
  2. BlackBerry ahead of Android 2 years back , hope we had the same thing now.
    By rave1090 in forum General BlackBerry News, Discussion & Rumors
    Replies: 4
    Last Post: 02-25-14, 11:43 AM
  3. It's business as usual with app development on the BlackBerry Q20
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 1
    Last Post: 02-25-14, 11:12 AM
LINK TO POST COPIED TO CLIPBOARD