How Mobile App Certificate Pinning Adds Protection from Man-in-the-Middle Attacks

by May 7, 2021#FrontPage, #Mobile

Printer Icon

Table of Content

  1. What Happens When a Client Makes a TLS/SSL Connection?
  2. Setting Up a MitM
  3. Intercepting SSL/TLS Messages
  4. Certificate Pinning

It’s not uncommon for a mobile app to “phone home” and work with a web-based API for any functionality and system feedback shown to users. Any time an application calls a remote API, it should use HTTPS (SSL/TLS) to connect to the remote server. However, this practice does not guarantee protection from man-in-the-middle (MitM) attacks when the user is connected to a public network such as open Wi-Fi. Certificate pinning is a technique that developers can adopt to protect users from MitM attacks, which expose their private data.

What Happens When a Client Makes a TLS/SSL Connection?

When a browser (or a mobile device) makes a connection to a secure server, the initial message sent to the server is a “ClientHello” message. This message contains information about the client including the SSL and TLS versions supported. This information is used by the remote server to perform a connection. The highest, most secure version of TLS or SSL is used to make the connection, which is why it’s imperative that remote servers support the highest level of encryption available.

The encrypted connection uses an intermediate called a certificate authority (CA). A CA contains a list of public keys available for remote servers, and the client’s operating system has a list of trusted CAs to obtain public keys. The remote server’s public key is used by the client to send an encrypted message to the server. The message contains a symmetric key that will then be used to encrypt further messages. With the symmetric key transferred, the remote server and the client can now communicate as long as the session is active.

The cybersecurity efficiency of this process relies on the “ClientHello” message using the highest level of ciphers that protect from an attacker obtaining the symmetric key. The symmetric key is used to encrypt and decrypt messages, but it should only be available to the client and the remote server. With the symmetric key, an attacker can read messages sent between the client and the server.

Setting Up a MitM

For an attacker to obtain information from a targeted user, the attacker’s device must be used as a proxy between the client and the server. This means that the targeted user’s browser uses the attacker’s device as an intermediate to send data from the client to the remote server. Any messages sent back to the client are also funneled through the attacker’s device.

The first step for an attacker is to perform ARP spoofing. ARP (Address Resolution Protocol) is the system used to link an IP address with a network card’s MAC address. A MAC address is an alphanumeric value assigned to a network card. It’s a unique value, meaning every network card has its own MAC address that identifies a device from all others on the network. When you access a site by IP address, ARP identifies the MAC address of the default gateway to route messages. In a MitM attack, this address is the attacker’s MAC.

ARP spoofing is done using a set of commands that tells the targeted user the attacker’s machine is the default gateway, and the router that is the true default gateway is also poisoned to believe that the attacker’s machine should receive messages dedicated to the targeted user. With ARP spoofing, all messages on the network sent to a targeted user are proxied through the attacker’s device.

Intercepting SSL/TLS Messages

With the attacker as the new proxy for messages, intercepting them is now possible. It’s done by intercepting the initial ClientHello message sent during a request for a connection from the remote server. In this request, the message contains the cryptographic ciphers supported by the local client. The attacker intercepts this message and drops it when the cipher supported is secure. When the message is dropped, the client will send another one with a lower (or older) cryptographic cipher. If the server supports and older cipher, the attacker allows the connection and now the client is connected to the remote server with a cryptographically insecure connection, allowing the attacker to read messages.

The client will send a message with the symmetric key, but since the attacker can read messages, the key will be available also to the attacker. Any messages sent with this key will be decrypted by the attacker’s device. Any sensitive data, credentials, and other private information can then be stolen by the attacker.

In addition, the attacker can also trick the client into installing their own self-signed certificate by intercepting the public key request. When an attacker sends a self-signed certificate, traffic between the client and the remote server can be eavesdropped. The attacker can perform this attack by tricking the user into accessing an attacker-controlled website and ask them to install the certificate to browse content. It only takes a few vulnerable targets for the attacker to have a successful MitM attack and eavesdrop on sensitive data.

Certificate Pinning

This type of MitM attack is completely invisible to the user. The only way a user would know that the connection is using an older, insecure cipher is to notice that the browser returns a message indicating that the connection is using an older version of TLS or SSL. Certificate pinning, however, can eliminate the attacker’s ability to intercept and downgrade the cryptographic connection to the server.

With certificate pinning, the developer “pins” the trusted certificate to the application. Instead of using a CA to retrieve the public key, the public key and certificate are pinned to the application. This “cached” version of the certificate will filter out any outside certificates and eliminates the step where the user’s browser retrieves a public key from a CA.

It’s important to note that certificate pinning stops some MitM attacks but not all. With the emergence of mobile devices and APIs, it’s important that developers use methods that protect user data especially when many of them rely on public Wi-Fi to save on mobile data costs. Certificate pinning is not an all-encompassing cybersecurity effort, but it’s one piece in a myriad of factors when working with sensitive data, mobile apps, and communication with remote servers.

About Us: Krasamo is a mobile development and consulting company focused on the Internet-of-Things and Digital Transformation.

Click here to learn more about our mobile development services.