hin255 - Fotolia
Cross-certificates are reportedly causing issues on Android devices. What's the vulnerability behind these issues? Is this something attackers can take advantage of, and if so, are there any ways to mitigate the problems?
Cross-certificates provide a means to create a chain of trust from a single, trusted root or subordinate certificate authority to multiple other root or subordinate CAs. A cross-signed digital certificate issued by one CA is used to sign the public key for the root certificate of another certificate authority, allowing certificates to be used and trusted between two CA hierarchies. For example, in Microsoft Windows, cross-certificates allow the operating system kernel to have a single trusted Microsoft root authority while extending the chain of trust to multiple commercial CAs that issue certificates used for code-signing software for distribution and installation on Windows machines.
In all cross-certification schemes, a single certificate will chain to different root CAs depending on which organization's computers are validating the certificate. For example, to configure complete trust between the subordinate and root CAs operated by the hypothetical Key Supplies Inc. and its customer Big Builders Inc., the root CA for each organization needs to be cross-certified with the subordinate enterprise CA in the other organization. This allows certificates issued by either CA to chain to a root that is trusted by each organization. If a certificate is issued to an employee of Key Supplies, it will validate up to the Key Supplies CA when verified by other computers within the Key Supplies network, but will validate up to the Big Builders CA if validated by a computer on the Big Builders' network.
Cross-signing can create very long certificate chains, and different chains exist for the same certificate. This makes certificate validation more expensive in terms of processing time and network traffic -- and adds extra complexity.
These reasons may be why there's a flaw in the way Android devices handle cross-signed certificates. Researchers at Trend Micro Inc. found the device may either slow down or hang when a specially-constructed malformed certificate -- created when two certificates are crossed-signed in a continuous loop -- is introduced into an Android device either by a new app being installed or by importing a specially crafted keychain. The vulnerability is caused by two commonly used classes in the Android framework -- the JarFile and KeyStore classes. The JarFile class is used to verify a jar package's certificates and signature files, but it falls into an endless loop when trying to validate a cross-signed certificate chain; the process keeps using up system resources until it is killed, which forces a device reboot. The KeyStore class used to process PKCS #12 files for the Android KeyStore suffers from the same problem. This bug is present in all Android versions, and potentially any code that implicitly or explicitly uses either class may be at risk.
However, this vulnerability doesn't have any immediate security implications; a similar bug was found in Firefox some years back. It is possible, though, that future research may find a way to inject or run arbitrary code when the device's system resources are depleted and it becomes unstable prior to rebooting.
Google is aware of this vulnerability but has given no timeframe for a fix. In the meantime, administrators should monitor security newsfeeds for news of a fix or evidence of an attack that can take advantage of this flaw. Users should, of course, only download apps from approved stores and immediately report if their device starts running slowly or rebooting unexpectedly.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on PKI and digital certificates
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading