Page 13 - FIGI: Security audit of various DFS applications

P. 13

The risk is that an attacker intercepting a request 2�6 M8 Code Tampering
for a money transfer could replay it to steal mon-
ey from the victim. T8�1  The application should refuse to run on a
rooted device:
When installed on a rooted android phone, the
2�5 M5 Insufficient Cryptography application should refuse to run.
Several security mechanisms can be disabled on
a) T5�1 The app should not use unsafe crypto rooted phone. This would allow an attacker to
primitives: tamper the code or the data of the application to
Algorithms like MD5, SHA-1, RC4, DES, 3DES, commit fraud.
Blowfish, ECB mode for block ciphers, non-cryp- If the application accepts to run on a rooted
tographic random generators are known to be device, then it should at least apply the following
weak and should not be used by the application . three security controls: Obfuscation of the code
7
This can be tested by analysing the binary of the (T9.1), apply certificate pinning to prevent inter-
application to see if it makes calls to these unsafe ception of communication with trusted certifi-
algorithms. cates (T3.3) and sensitive information should be
If sensitive information were handled or depen- encrypted by the application, even is transmitted
dent on these algorithms, the there is a risk that over HTTPS (T5.3).
an attacker could eavesdrop or manipulate that
information. The fact that these algorithms are
used does not necessarily mean that they are 2�7 M9 Reverse Engineering
used for sensitive operations. Still, it is a best
practice to not use these algorithms to create T9�1  The code of the app should be obfuscated:
any doubt. Several tools can be used to analyse the bina-
Note that even if the application fails this test, it ry of the app and detect if it has been obfus-
does not necessarily mean that the application cated. Alternatively, the code can tentatively be
uses unsafe crypto primitives for sensitive data. decompiled with a decompiler. If it succeeds, the
b) T5�2  The HTTPS connections should be config- decompiled code can be analysed to see if it is
ured according to best practices: intelligible.
By observing the network traffic of the app, the Obfuscating the code makes it much more diffi-
servers to which it talks can be identified. The cult to understand and analyse its logic and algo-
HTTPS configuration of these servers can be rithms.
tested using a tool like Qualys SSL Labs . The
8
overall rating should be B or more.
If HTTPS is not correctly configured, then some
eavesdropping or manipulation attacks are pos- 3 RESULTS
sible.
c) T5�3  The app should encrypt sensitive data that
is sent over HTTPS: 3�1 App1
This can be tested by intercepting the traffic App1 can be used to send money between users or
with an MITM proxy (see tests in M3). Note that to pay without cash in stores or at vending machines.
if the app uses certificate pinning, it is necessary Users are identified by their phone number. Know-
to disable this protection to intercept the traffic. ing another user's phone number is all that is needed
This is not always possible. to send money. Accounts are typically backed by a
If data is not encrypted by the application itself, bank account. It is also possible to have a prepaid
then a MITM can eavesdrop or modify the data. account that is independent of a bank account.

3.1.1 M1: Improper Platform Usage

√ T1.1 Android: allowBackup is set to false in the
manifest.
√ T1.2 Android: debuggable is not defined in the
manifest.

Security audit of various DFS applications 11

8 9 10 11 12 13 14 15 16 17 18