Title: Exchanging Demands: Weaknesses in SSL Implementations for Mobile Platforms
Authors: Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone
The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement.This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices.A two-phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man-in-the-middle attack to gain a vantage point over the client device, whilst Phase2 involves spoofing the server-side ActiveSync responses to initiate the unauthorised policy enforcement.These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to performa remote factory reset upon an Exchange-integrated Smart phone.
Files: Full Paper (PDF)