All we need is an easy explanation of the problem, so here it is.
I’m writing an iOS app for private use to act as a client for a PHP server. To secure the connection I’m using a self-signed SSL certificate.
Since the server is self-hosted, on the first connection inside my LAN I could be pretty sure that no MITM attacks were happening.
So I saved in a file the certificate that the server sent to the client and then I bundled the downloaded certificate inside my app to check on every connection if the certificate sent by the server and the one bundled in my app were the same (SSL Pinning basically).
I know very little about MITM Attacks and security in general so my question is the following: could an attacker download the certificate (like I did) from my server and use that certificate to pretend to be the server and perform a MITM attack? Or am I misinterpreting the way man-in-the-middle works?
How to solve :
I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.
It is not the certificate that matters, but the private key. That one does not leave the server! To impersonate the server, the man in the middle would need to obtain that private key. The certificate itself is public data, and sent by the server to every client who asks for it by simply connecting.
(A Man in the Middle attack is a double impersonation: the attacker poses as the server when talking to the client, and the client when talking to the server. In simple SSL, with no certificate-based client authentication, the client is nominally anonymous, so mounting a successful MitM reduces to running a fake server that the clients accept as genuine. Fat luck with that, if you don’t have the server’s private key.)
Actually, depending on how your client implements SSL/TLS and PKI, it might be possible for an attacker to pull off something vaguely similar: For instance, read this page on how eavesdropping on secure connections might be technically possible, if sufficient attention isn’t paid to the PKI part of SSL/TLS.
For short: The attacker would generate a root certificate, somehow get your client application to trust it (which is the critical part), and then act as a man-in-the-middle that generates server certificates on the fly, when your client connects to a (the) server.
Edit: Bundling the certificates the software is meant to trust with the application, rather than pulling them from a store the man-in-the-middle might compromise, is in principle sufficient to thwart this vulnerability.
Bundling certs, installing embedded certs, implementations DO NOT MATTER period. If you think this is the case, you’re missing the underlying handling of certificates.
When a connection is made via the PKI infrastructure it usually works as follows:
Client (with cert) --> before connection is made, let me consult CA --> Internet Client (with cert) --> Hey CA is this cert being used valid --> Internet CA CA --> checks cert information CA --> Valid cert? --> Yes --> This is a valid cert --> Client CA --> Valid cert? --> No --> This is NOT A VALID cert --> Client
What occurs with attackers is a) they can replace YOUR valid cert with a STOLEN – SIGNED CERT and the above occurs:
Client (with signed STOLEN cert) --> Let me consult CA --> Internet Client (with signed STOLEN cert) --> Hey CA is this cert valid? CA --> checks cert information (cert was not revoked) CA --> Yes --> This is a valid cert --> Client
From what I am reading, it if the impression that when a connection is made ONLY the SPECIFIED certificate WILL BE USED and an attacker cannot outright replace that cert. It will take an enormous amount programming to pull that off. In fact, a software vendor would have to program N amount of iterations for each client to pull that off. Otherwise, a cert is a cert is a cert…
Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂