No problem Jeffrey, apologies if I wasn't very clear in my questions.

I'd inspect the certificates on Android if I knew how. In addition, I'm not
sure of the exact details of how security is handled in Gmail. For example,
if it uses HTTP to communicate with gmail.com as a normal web client would,
then I could probably make a lucky guess, but if they use some special
mechanism for communicating with their servers to send/receive emails, then
I'd be unaware of what certificates they use and how to view them.


---------
Robert Dailey


On Tue, Jun 18, 2013 at 1:34 PM, Jeffrey Walton <[email protected]> wrote:

> On Tue, Jun 18, 2013 at 2:28 PM, Robert Dailey <[email protected]> wrote:
> > But I already knew that, remember? :)
> Oh, my bad. I did not realize you knew that.
>
> > What I'm trying to figure out is if the same thing is happening to Gmail
> > (app) on Android.
> Inspect the server's certificate if possible. I can only say "if
> possible" because I don't put email on mobile devices, so I can't test
> it (there's too much risk). I do use mobile devices for 2nd factor,
> such as Google Authenticator.
>
> Jeff
>
> > On Tue, Jun 18, 2013 at 1:27 PM, Jeffrey Walton <[email protected]> wrote:
> >>
> >> Yes, you are being intercepted.
> >>
> >> On Tue, Jun 18, 2013 at 2:17 PM, Robert Dailey <[email protected]> wrote:
> >> > Here you go. Notice how the certificate I receive is "self-signed",
> >> > that's what caused the error in Chrome I believe:
> >> >
> >> > $ echo "GET HTTP/1.0" | openssl s_client -connect gmail.com:443
> >> > CONNECTED(00000003)
> >> > depth=2 DC = com, DC = good, DC = corp, CN = SPRINGTHINGS
> >> > verify error:num=19:self signed certificate in certificate chain
> >> > verify return:0
> >> > ---
> >> > Certificate chain
> >> >  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
> >> >    i:/C=US/ST=Texas/L=Dallas/O=Good Technology/OU=IT/CN=dal-sg01/[email protected]
> >> >  1 s:/C=US/ST=Texas/L=Dallas/O=Good Technology/OU=IT/CN=dal-sg01/[email protected]
> >> >    i:/DC=com/DC=good/DC=corp/CN=SPRINGTHINGS
> >> >  2 s:/DC=com/DC=good/DC=corp/CN=SPRINGTHINGS
> >> >    i:/DC=com/DC=good/DC=corp/CN=SPRINGTHINGS
> >> > ---
> >> > Server certificate
> >> > subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
> >> > issuer=/C=US/ST=Texas/L=Dallas/O=Good Technology/OU=IT/CN=dal-sg01/[email protected]
> >> > ---
> >> > No client certificate CA names sent
> >> > ---
> >> > SSL handshake has read 3948 bytes and written 518 bytes
> >> > ---
> >> > New, TLSv1/SSLv3, Cipher is AES256-SHA
> >> > Server public key is 1024 bit
> >> > Secure Renegotiation IS supported
> >> > Compression: NONE
> >> > Expansion: NONE
> >> > SSL-Session:
> >> >     Protocol  : TLSv1
> >> >     Cipher    : AES256-SHA
> >> >     Session-ID: ABEE40AEEA7ABBB9AC6C6CA41E4DEF67FA3C991B3ADB1A0AFCC652762C9AB709
> >> >     Session-ID-ctx:
> >> >     Master-Key: 7416AAF95351B652227852C810B7A2E1AAE77E4DED41F7F360CDDC9A09DF7B125808E9FC409361FAAAB29C1F138E74CC
> >> >     Key-Arg   : None
> >> >     PSK identity: None
> >> >     PSK identity hint: None
> >> >     SRP username: None
> >> >     Start Time: 1371579331
> >> >     Timeout   : 300 (sec)
> >> >     Verify return code: 19 (self signed certificate in certificate chain)
> >> > ---
> >> > DONE
> >> >
> >> >
> >> >
> >> > ---------
> >> > Robert Dailey
> >> >
> >> >
> >> > On Tue, Jun 18, 2013 at 1:08 PM, Jeffrey Walton <[email protected]> wrote:
> >> >>
> >> >> On Tue, Jun 18, 2013 at 1:53 PM, Robert Dailey <[email protected]> wrote:
> >> >> > Well, I know that the CA changes in Chrome when I access Gmail and I
> >> >> > do get a warning notification of that, although it wasn't installed on
> >> >> > the system at that time (if I choose to continue anyway).
> >> >> Hmmm... That could be an indication that someone is intercepting your
> >> >> communications. The fellow in Iran who alerted us to the Diginotar
> >> >> failure started that way too.
> >> >>
> >> >> http://productforums.google.com/forum/#!category-topic/gmail/share-and-discuss-with-others/3J3r2JqFNTw
> >> >>
> >> >> As far as I know, Google/Chrome has not changed its keys yet (it's
> >> >> supposed to occur in August). So you should not be receiving a
> >> >> warning.
> >> >>
> >> >> http://www.h-online.com/security/news/item/Google-to-replace-SSL-certificates-1869281.html
> >> >>
> >> >> Are you using CertPatrol? CertPatrol pins the certificate (and not the
> >> >> public key), so you will get a warning even if the same key is
> >> >> re-certificated. It's common to use a certificate with a short lifetime
> >> >> to keep CRLs manageable (I suspect there are some possible security
> >> >> benefits too). Google practices it by rotating its certificates every
> >> >> 30 days or so.
> >> >>
> >> >> > On Android, however, I do not see the certificate installed. So, does
> >> >> > that mean that Gmail traffic is not being intercepted?
> >> >> Can you issue the following from the command line and post the results:
> >> >>
> >> >> $ echo "GET HTTP/1.0" | openssl s_client -connect gmail.com:443
> >> >> CONNECTED(00000003)
> >> >> depth=1 C = US, O = Google Inc, CN = Google Internet Authority
> >> >> verify error:num=20:unable to get local issuer certificate
> >> >> verify return:0
> >> >> ---
> >> >> Certificate chain
> >> >>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
> >> >>    i:/C=US/O=Google Inc/CN=Google Internet Authority
> >> >>  1 s:/C=US/O=Google Inc/CN=Google Internet Authority
> >> >>    i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> >> >> ---
> >> >> Server certificate
> >> >> subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
> >> >> issuer=/C=US/O=Google Inc/CN=Google Internet Authority
> >> >> ---
> >> >> No client certificate CA names sent
> >> >> ---
> >> >> SSL handshake has read 2116 bytes and written 448 bytes
> >> >> ---
> >> >> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
> >> >> Server public key is 1024 bit
> >> >> Secure Renegotiation IS supported
> >> >> Compression: NONE
> >> >> ...
> >> >>
> >> >>     Start Time: 1371578823
> >> >>     Timeout   : 300 (sec)
> >> >>     Verify return code: 20 (unable to get local issuer certificate)
> >> >> ---
> >> >> DONE
> >> >>
> >> >>
> >> >>
> >> >> Jeff
> >> >>
> >> >> > On Tue, Jun 18, 2013 at 12:50 PM, Brian Carlstrom <[email protected]> wrote:
> >> >> >>
> >> >> >> Presumably they perform MITM by installing a CA controlled by proxy
> >> >> >> on your system.
> >> >> >>
> >> >> >> -bri
> >> >> >>
> >> >> >> On Tue, Jun 18, 2013 at 10:05 AM, Robert Dailey <[email protected]> wrote:
> >> >> >> > Could you explain a bit better? I asked my IT department, and they
> >> >> >> > said they do monitor gmail traffic on Android. However, he could have
> >> >> >> > been lying or just making a blanket statement. I figured out that they
> >> >> >> > are using "BlueCoat ProxySG" to perform MITM on web-gmail, but I'm not
> >> >> >> > familiar enough with Android to understand why this also isn't being
> >> >> >> > done on Gmail app for Android. Is Android more secure because it has
> >> >> >> > the trusted credentials? I'm assuming those are all known and accepted
> >> >> >> > root certificates, so if they did indeed try to MITM gmail on Android,
> >> >> >> > then the root would change and thus, I'd hope Gmail would fail to
> >> >> >> > accept it or something of that sort.
> >> >> >> >
> >> >> >> >
> >> >> >> > ---------
> >> >> >> > Robert Dailey
> >> >> >> >
> >> >> >> >
> >> >> >> > On Tue, Jun 18, 2013 at 11:54 AM, Brian Carlstrom <[email protected]> wrote:
> >> >> >> >>
> >> >> >> >> On Tue, Jun 18, 2013 at 8:52 AM, Jeffrey Walton <[email protected]> wrote:
> >> >> >> >> > On Mon, Jun 17, 2013 at 2:09 PM, Robert Dailey <[email protected]> wrote:
> >> >> >> >> >> Is it possible for MITM to occur for traffic on the Android Gmail
> >> >> >> >> >> client when connected to a Wifi network
> >> >> >> >> > Yes, it's possible.
> >> >> >> >>
> >> >> >> >> Not unless a system CA has been compromised (which could then be
> >> >> >> >> disabled in Settings > Security > Trusted Credentials) or a user CA
> >> >> >> >> has been installed (which could be uninstalled from the same location)
> >> >> >> >> -bri
> >> >> >> >>
> >> >> >> >> >
> >> >> >> >> >> If so, how can I verify whether or not my
> >> >> >> >> >> SSL certificate has been compromised for Gmail?
> >> >> >> >> > Pin the server's certificate or public key.
> >> >> >> >> > https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
> >> >> >> >> >
> >> >> >> >> > If you are dealing with a browser-based app, then you are out of
> >> >> >> >> > luck. Javascript, WebSockets, WebCrypto and other components in the
> >> >> >> >> > stack don't make the required connection information available. In
> >> >> >> >> > this case, you need to write a hybrid app or native app. Many people
> >> >> >> >> > don't want to hear their browser-based app can't handle a particular
> >> >> >> >> > data sensitivity level, and it usually goes over like a turd in a
> >> >> >> >> > punch bowl.
> >> >> >> >> >
> >> >> >> >> > Not all apps need to pin. If the app is dealing with throwaway, low
> >> >> >> >> > value data, then it does not matter - browser-based apps are fine.
> >> >> >> >> > For medium value (for example, an organization's Single Sign On
> >> >> >> >> > password) and high value data (such as information covered under US
> >> >> >> >> > Federal law), then you probably can't use a browser-based app.
> >> >> >> >> >
> >> >> >> >> > In the future, sites (servers) will [likely] be able to ask the
> >> >> >> >> > browser (clients) to pin certificates via
> >> >> >> >> > https://tools.ietf.org/id/draft-ietf-websec-key-pinning-05.txt.
> >> >> >> >> > However, there is no guarantee a client will perform a pin in the
> >> >> >> >> > absence of a server's request.
> >
> >
>
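Jeff's advice in the quoted thread is to pin the server's certificate or its public key, and he notes that CertPatrol-style certificate pins warn every time Google re-certifies the same key (roughly every 30 days). The Go program below is an added example, not code from the thread or from any of the tools named in it: it builds constructed test certificates with the standard crypto/x509 package and shows that a SubjectPublicKeyInfo pin survives re-certification of the genuine key but still rejects a certificate for the same name issued under a different key, which is what an intercepting proxy presents. The name mail.google.com, the serial numbers and the 2048-bit keys are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
// certPin hashes the whole DER certificate: this is what a certificate pin compares.
func certPin(c *x509.Certificate) string { s := sha256.Sum256(c.Raw); return hex.EncodeToString(s[:]) }
// spkiPin hashes only the SubjectPublicKeyInfo, which is unchanged when the same key is re-certified.
func spkiPin(c *x509.Certificate) string { s := sha256.Sum256(c.RawSubjectPublicKeyInfo); return hex.EncodeToString(s[:]) }

// issue builds a self-signed certificate for cn under key (constructed test data, not a real Google or
// proxy certificate); the 30-day lifetime mirrors the rotation mentioned in the thread.
func issue(cn string, key *rsa.PrivateKey, serial int64) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(30 * 24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// Outcome records whether a presented certificate passes the certificate pin and the public-key pin.
type Outcome struct{ CertPinOK, KeyPinOK bool }
func check(pinned, presented *x509.Certificate) Outcome {
	return Outcome{certPin(pinned) == certPin(presented), spkiPin(pinned) == spkiPin(presented)}
}

// Scenario pins the genuine certificate, then checks a rotated certificate for the same key and a
// certificate for the same name under a different key, which is what an intercepting proxy presents.
func Scenario() (rotated, intercepted Outcome) {
	genuine, proxyKey := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	pinned := issue("mail.google.com", genuine, 1)
	return check(pinned, issue("mail.google.com", genuine, 2)), check(pinned, issue("mail.google.com", proxyKey, 3))
}

func main() {
	r, i := Scenario()
	fmt.Printf("rotation: cert pin %v, key pin %v; interception: cert pin %v, key pin %v\n", r.CertPinOK, r.KeyPinOK, i.CertPinOK, i.KeyPinOK)
}
```

The rotated certificate fails the certificate pin but passes the key pin, while the proxy-issued certificate fails both, which is why a key pin gives the warning-free behaviour CertPatrol cannot.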
