Re: Heartbleed, clients and Android

[Yves-Alexis Perez <corsac () debian org>]

On Wed, Apr 09, 2014 at 12:21:29PM +0200, Hanno Böck wrote:
> On Wed, 9 Apr 2014 11:54:58 +0200
> Yves-Alexis Perez <corsac () debian org> wrote:
>
> > On Wed, Apr 09, 2014 at 11:30:29AM +0200, Hanno Böck wrote:
> > > I was asking myself some questions and I think others with more
> > > insight into what heartbleed means may be able to answer quickly:
> > > How does this affect client software? The PoCs we see send some
> > > malicous payload to servers and get some memory dumps. That doesn't
> > > affect clients?
> >
> > Yes, it does affect clients.
>
> Can anyone explain how an attack scenario would work?
> Is it like:
> * we have a Man-in-the-Middle.
> * Client/Server establish connection.
> * MitM inserts a malicious package with the heartbeat-payload and sends
>   it to the client, client parses package, verifying MAC fails, but it
>   still will output memory

Heartbeat can be sent before the ChangeCipherSpec message is sent, so
you don't have any TLS protection for that MITM.

So yeah, you can sit at a nearby wireless hotspot, wait for any client
to do some TLS trafic and heartbleed them (providing the client uses
OpenSSL).
> Or is it ONLY an issue if we contact a malicious server that may
> extract random information from the application's memory? (which would
> reduce the impact somewhat, e.g. operating system update systems or
> wget etc. wouldn't have to worry)

It's not hard to make people contact malicious servers, I think.

Regards,
-- 
Yves-Alexis Perez

Attachment: signature.asc
Description: Digital signature