Popular Android apps are rife with cryptographic vulnerabilities
Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities.
They also used it to test 1780 popular Android apps from the Google Play Store, and the results were abysmal:
- All apps break at least one of the 26 crypto rules
- 1775 apps use an unsafe pseudorandom number generator (PRNG)
- 1,764 apps use a broken hash function (SHA1, MD2, MD5, etc.)
- 1,076 apps use the CBC operation mode (which is vulnerable to padding oracle attacks in client-server scenarios)
- 820 apps use a static symmetric encryption key (hardcoded)
About Crylogger
Each of the tested apps with an instrumented crypto library were run in Crylogger, which logs the parameters that are passed to the crypto APIs during the execution and then checks their legitimacy offline by using a list of crypto rules.
“Cryptographic (crypto) algorithms are the essential ingredients of all secure systems: crypto hash functions and encryption algorithms, for example, can guarantee properties such as integrity and confidentiality,” the researchers explained.
“A crypto misuse is an invocation to a crypto API that does not respect common security guidelines, such as those suggested by cryptographers or organizations like NIST and IETF.”
To confirm that the cryptographic vulnerabilities flagged by Crylogger can actually be exploited, the researchers manually reverse-engineered 28 of the tested apps and found that 14 of them are vulnerable to attacks (even though some issues may be considered out-of-scope by developers because they require privilege escalation for effective exploitation).
Recommended use
Comparing the results of Crylogger (a dynamic analysis tool) with those of CryptoGuard (an open source static analysis tool for detecting crypto misuses in Java-based applications) when testing 150 apps, the researchers found that the former flags some issues that the latter misses, and vice versa.
The best thing for developers would be to test their applications with both before they offer them for download, the researchers noted. Also, Crylogger can be used to check apps submitted to app stores.
“Using a dynamic tool on a large number of apps is hard, but Crylogger can refine the misuses identified with static analysis because, typically, many of them are false positives that cannot be discarded manually on such a large number of apps,” they concluded.
Worrying findings
As noted at the beginning of this piece, too many apps break too many cryptographic rules. What’s more, too many app and library developers are choosing to effectively ignore these problems.
The researchers emailed 306 developers of Android apps that violate 9 or more of the crypto rules: only 18 developers answered back, and only 8 of them continued to communicate after that first email and provided useful feedback on their findings. They also contacted 6 developers of popular Android libraries and received answers from 2 of them.
The researchers chose not to reveal the names of the vulnerable apps and libraries because they fear that information would benefit attackers, but they shared enough to show that these issues affect all types of apps: from media streaming and newspaper apps, to file and password managers, authentication apps, messaging apps, and so on.