In the past two weeks, Apple has released updates for its iOS and OSX operating systems to fix, what is now called the “goto fail” bug among other things. To the average user of these devices, this can be slightly worrying, since the implementation of one of the core encryption algorithms contained a major flaw. But, unless you understand cryptography and have a pretty solid knowledge of programming, understanding why this was a major flaw can be difficult. So, in this article, I’m going to try to break down the anatomy of the vulnerability and explain what went wrong, and why it is incredibly bad.
Let’s start by going over how Transport Layer Security (TLS), the encryption algorithm in question, works. TLS encrypts your web traffic when you visit websites using that start with “https” instead of “http.” When a website uses https, it has a certificate, issued from a certificate authority, that it uses to verify its identity. When you visit that page the browser gets a special key and the certificate so it can validate that the certificate is trusted (i.e. not malicious), it is valid (hasn’t expired), and it is actually from the site that it is coming from (not fake). Once that has been verified, the browser and the website create a special key that is used to encrypt all of the web traffic during that session. Once the session ends, the key is thrown out and a new one must be created for a new session to begin.
So, the question is where was the bug inside of Apple’s implementation of this algorithm? If we look at the source code, there are multiple checks to ensure that each step of the algorithm works. Essentially, each if statement is saying that if this specific part of the algorithm returns an error or has invalid data, go to the section of code where failures are handled. However, in C, the language it is implemented in, if braces ({, }) are not surrounding the statement below the “if” only one line of code is considered to be included in the if statement. So if you take a look at the circled if statement, there is a second “goto fail” included. Since there are no braces, this will always execute and never execute the last steps of the algorithm.
This is a glaring security vulnerability that also could explain some of the information that came out of Snowden about the NSA being able to read iPhone traffic. It turns out that this vulnerability has existed from over a year, when the extra goto fail appeared in a seemingly unrelated change to the code base. Regardless, there is now an easy fix to make sure that you are protected from this vulnerability.
First, ensure that any iPhones, iPads and Macs that you have are fully up to date with the latest version of their respective operating systems. For iPhones and iPads this is iOS 7.0.6 or iOS 6.1.6 (depending on your device) and for Macs make sure you are running OSX 10.9.2. These versions have the extra “goto fail” removed from the TLS algorithm and are no longer vulnerable to potential exploits.
Leave a Reply