We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Very Pwnable Network (VPN)

8
 Zitieren
 Teilen
 Zugehöriges Material
 Herunterladen
 Bestellen
Logo von Chaos Computer Club e.V.Chaos Computer Club e.V.
 Classen, Jiska Roitburd, Gerbert Ortmann, Matthias

Formale Metadaten

Titel
Very Pwnable Network (VPN)
Serientitel
Anzahl der Teile
275
Autor
Mitwirkende
Lizenz
CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Virtual Pwn Networks (VPNs) add a network layer that should provide privacy and security. The privacy of VPNs clearly depends on their endpoint, thus, many companies run their own instances. We demonstrate that VPNs can be insecure nonetheless, as the users connecting to a company's VPN typically requires proprietary client software on their systems. These proprietary clients lack security, as we show based on the Cisco AnyConnect client for Linux and iOS. This research starts with a weird series of crashes on Jiska's iPhone. Due to her ongoing paranoia, she decided to use a VPN, and because she had to trust her university's network anyway, she decided to use her university's Cisco VPN service. Obviously, this did not go well, and soon she had crash logs with memory accesses to invalid addresses, because these addresses were representing Strings?! These errors only occurred when she had bad network connectivity and no debugging enabled, so nobody was able to reproduce them. Either way, to start analyzing Cisco AnyConnect security, the more accessible Linux client was the first option. Gerbert did a detailed analysis and documented how this client works, since there was no documentation at all and users basically install a black box on their system. The application is by no means just a VPN client anymore. In addition to VPN connections, the application offers a number of special features like auto updating, file deployment and host assessment. The AnyConnect Linux client is even able to execute arbitrary scripts provided by the server, thus, the user needs to ultimately trust the AnyConnect provider. Even if this trust assumption holds true, the client is so complex that various attack vectors become possible. Gerbert found two vulnerabilities resulting in three attack scenarios. One of the issues was fixed without being assigned a CVE, the other one got CVE-2020-3556. Matthias continued with the iOS client, which is even harder to analyze than the closed-source Linux client. Since many Linux features are not available on iOS and the client has a completely different design, the previously found attacks do not apply. However, he will show the general architecture of this iOS Cisco AnyConnect Network Extension.
Schlagwörter