Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps

Tom Chothia; Flavio Garcia; Chris  Heppel; Christopher McMahon Stone

doi:10.1007/978-3-319-70972-7_33

Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps

Tom Chothia, Flavio Garcia, Chris Heppel, Christopher McMahon Stone

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

445 Downloads (Pure)

Abstract

This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users’ PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user’s credentials, login to the bank and perform every operation the legitimate user could.

Original language	English
Title of host publication	Financial Cryptography and Data Security
Subtitle of host publication	21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers
Editors	Aggelos Kiayias
Publisher	Springer
Pages	579-597
Number of pages	18
ISBN (Electronic)	9783319709727
ISBN (Print)	9783319709710
DOIs	https://doi.org/10.1007/978-3-319-70972-7_33
Publication status	E-pub ahead of print - 23 Dec 2017
Event	21st International Conference on Financial Cryptography and Data Security (FC 2017) - Sliema, Malta Duration: 3 Apr 2017 → 7 Apr 2017

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10322
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Financial Cryptography and Data Security (FC 2017)
Country/Territory	Malta
City	Sliema
Period	3/04/17 → 7/04/17

Access to Document

10.1007/978-3-319-70972-7_33

why_banker_bob
Checked for eligibility: 02/05/2018
Accepted author manuscript, 5.4 MBLicence: None: All rights reserved

Cite this

Chothia, T., Garcia, F., Heppel, C., & McMahon Stone, C. (2017). Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. In A. Kiayias (Ed.), Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers (pp. 579-597). (Lecture Notes in Computer Science; Vol. 10322). Springer. Advance online publication. https://doi.org/10.1007/978-3-319-70972-7_33

Chothia, Tom ; Garcia, Flavio ; Heppel, Chris et al. / Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers. editor / Aggelos Kiayias. Springer, 2017. pp. 579-597 (Lecture Notes in Computer Science).

@inproceedings{3bc3ed87b97c412e89b551a2c9ccdc5c,

title = "Why banker Bob (still) can{\textquoteright}t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps",

abstract = "This paper presents a security review of the mobile apps provided by the UK{\textquoteright}s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users{\textquoteright} PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user{\textquoteright}s credentials, login to the bank and perform every operation the legitimate user could.",

author = "Tom Chothia and Flavio Garcia and Chris Heppel and {McMahon Stone}, Christopher",

year = "2017",

month = dec,

day = "23",

doi = "10.1007/978-3-319-70972-7_33",

language = "English",

isbn = "9783319709710",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "579--597",

editor = "Aggelos Kiayias",

booktitle = "Financial Cryptography and Data Security",

note = "21st International Conference on Financial Cryptography and Data Security (FC 2017) ; Conference date: 03-04-2017 Through 07-04-2017",

}

Chothia, T , Garcia, F, Heppel, C & McMahon Stone, C 2017, Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. in A Kiayias (ed.), Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10322, Springer, pp. 579-597, 21st International Conference on Financial Cryptography and Data Security (FC 2017), Sliema, Malta, 3/04/17. https://doi.org/10.1007/978-3-319-70972-7_33

Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. / Chothia, Tom ; Garcia, Flavio; Heppel, Chris et al.
Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers. ed. / Aggelos Kiayias. Springer, 2017. p. 579-597 (Lecture Notes in Computer Science; Vol. 10322).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps

AU - Chothia, Tom

AU - Garcia, Flavio

AU - Heppel, Chris

AU - McMahon Stone, Christopher

PY - 2017/12/23

Y1 - 2017/12/23

N2 - This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users’ PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user’s credentials, login to the bank and perform every operation the legitimate user could.

AB - This paper presents a security review of the mobile apps provided by the UK’s leading banks; we focus on the connections the apps make, and the way in which TLS is used. We apply existing TLS testing methods to the apps which only find errors in legacy apps. We then go on to look at extensions of these methods and find five of the apps have serious vulnerabilities. In particular, we find that two apps pin a TLS root CA certificate, but do not verify the hostname. In this case, the use of certificate pinning means that all existing test methods would miss detecting the hostname verification flaw. We find that three apps load adverts over insecure connections, which could be exploited for in-app phishing attacks. Some of the apps used the users’ PIN as authentication, for which PCI guidelines require extra security, so these apps use an additional cryptographic protocol; we study the underlying protocol of one banking app in detail and show that it provides little additional protection, meaning that an active man-in-the-middle attacker can retrieve the user’s credentials, login to the bank and perform every operation the legitimate user could.

U2 - 10.1007/978-3-319-70972-7_33

DO - 10.1007/978-3-319-70972-7_33

M3 - Conference contribution

SN - 9783319709710

T3 - Lecture Notes in Computer Science

SP - 579

EP - 597

BT - Financial Cryptography and Data Security

A2 - Kiayias, Aggelos

PB - Springer

T2 - 21st International Conference on Financial Cryptography and Data Security (FC 2017)

Y2 - 3 April 2017 through 7 April 2017

ER -

Chothia T , Garcia F, Heppel C, McMahon Stone C. Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. In Kiayias A, editor, Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers. Springer. 2017. p. 579-597. (Lecture Notes in Computer Science). Epub 2017 Dec 23. doi: 10.1007/978-3-319-70972-7_33

Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this