iPhone / Yahoo: Too cool to do standards, too hip to do security.
20070719T140828+0000
Replay! Attack!
Okay, so those two words don't mean anything to you.
Take one iPhone. Take a Yahoo mail account, supporting "Push IMAP", although it's neither P-IMAP nor Lemonade. The iPhone authenticates to Yahoo using a proprietary mechanism called XYMPKI. The exchange goes like this:
iPhone: I'd like to authenticate using XYMPKI, please.
Yahoo: *nothing*
iPhone: Here's a structured message, containing my device ID and a signature.
Yahoo: *nothing*
iPhone: Here's my X.509 certificate in DER form.
Yahoo: Okay, I believe you.
Now, people have posted these traces on the web. Everyone knows that PKI is pretty secure, of course.
So, find one, and repeat it:
Me: I'd like to authenticate using XYMPKI, please.
Yahoo: *nothing*
Me: Here's someone else's first message, that I snooped off the wire, or grabbed via Google.
Yahoo: *nothing*
Me: Here's someone else's certificate, that I also got.
Yahoo: Okay, I believe you.
This is known as a replay attack. It's not too serious, because any recent IMAP service supports TLS - they're all mandated to by RFC3501, let alone Lemonade. This prevents replay attacks via sniffing, because you can't get data. You're still vulnerable to someone spoofing the DNS, and therefore pretending to be Yahoo's server, although TLS certificate checking should catch this, too.
Oh, wait - because Yahoo! Don't! Do! Standards!
So they don't do TLS.
So not only does DNS spoofing work very nicely - thanks, Yahoo - but also anyone on an unencrypted access point can lift your credentials.
So.
What could Yahoo and Apple have done about this?
Well, firstly, they could have done TLS. That'd protect against the replay attack, as well as bringing them somewhat closer into line with the RFC they're meant to be following.
Secondly, they could have used a different mechanism, say DIGEST-MD5 (venerable and moving to historic, but still quite good), GSSAPI, or simply TLS and SASL EXTERNAL based on the device certificate. Or some other proprietary mechanism that actually offered real security.
But they didn't. Because they don't, apparently, give a flying **** about basic security, standards, or indeed anything much other than how to look cool. I don't know why I'm so angry about this, given I don't own an iPhone, but it's a further let-down from people who really ought to know better.
These things ought to be a showcase for technology, not a shiny box of stupidity.
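The replay above works because the server sends nothing for the client to sign, so a captured login stays valid. As an added example (not from the original post, and not the real XYMPKI message format), the code below contrasts that with a server-issued, single-use nonce of the kind challenge-based mechanisms rely on. The device ID, key and class names are constructed, and HMAC stands in for the certificate signature.

```python
import hashlib
import hmac
import secrets

# Constructed device and key. HMAC stands in for the certificate-backed
# signature so the example runs on the standard library alone.
DEVICE_KEYS = {"device-1234": b"constructed-device-key"}

def sign(device_id, payload):
    # Client side: authenticate the payload with the device's key.
    return hmac.new(DEVICE_KEYS[device_id], payload, hashlib.sha256).digest()

class StaticServer:
    """Sends no challenge, so a valid login message never changes."""

    def verify(self, device_id, sig):
        if device_id not in DEVICE_KEYS:
            return False
        return hmac.compare_digest(sig, sign(device_id, device_id.encode()))

class ChallengeServer:
    """Issues a fresh nonce per login; each nonce is accepted once."""

    def __init__(self):
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, device_id, nonce, sig):
        if nonce not in self._pending or device_id not in DEVICE_KEYS:
            return False
        self._pending.discard(nonce)  # single use, even if the signature fails
        expected = sign(device_id, nonce + device_id.encode())
        return hmac.compare_digest(sig, expected)

def demo():
    dev = "device-1234"
    static, fresh = StaticServer(), ChallengeServer()
    captured = sign(dev, dev.encode())  # the bytes an observer would see
    static_results = (static.verify(dev, captured), static.verify(dev, captured))
    n1 = fresh.challenge()
    captured2 = sign(dev, n1 + dev.encode())
    legit = fresh.verify(dev, n1, captured2)
    old_sig_new_nonce = fresh.verify(dev, fresh.challenge(), captured2)
    old_sig_old_nonce = fresh.verify(dev, n1, captured2)
    return static_results + (legit, old_sig_new_nonce, old_sig_old_nonce)
```

`demo()` returns the five verification results in order: both static logins are accepted, including the repeated one, while the challenge server accepts only the first use of the signature over its own nonce.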