JMP

XMPPTwitterReddit
Featured Image

CertWatch

singpolyma@singpolyma.net

As you may have already seen, on October 21st, it was reported that a long-running, successful MITM (Machine-In-The-Middle) attack against jabber.ru had been detected. The nature of this attack was not specific to the XMPP protocol in any way, but it was of special interest to us as members of the XMPP community. This kind of attack relies on being able to present a TLS certificate which anyone trying to connect will accept as valid. In this case, it was done by getting a valid certificate from Let’s Encrypt.

When it comes to mitigation strategies for client-to-server connections, luckily there is already an excellent option called channel binding. Most XMPP clients and servers already have some amount of support for this technique, and in the wake of this attack, most are scrambling to make sure their implementations are complete. Many service providers have also added CAA DNS records which can prevent the very specific way this attack was executed from succeeding.

We’ve been hard at work on a different tool that can also help with defense-in-depth for this kind of situation. Ultimately, a MITM will use a different public key from the one the server uses, even if it is wrapped in a signed certificate declared as valid by a trustworthy authority (like Let’s Encrypt). If we know what key is seen when trying to connect, and we know what key the server administrator expects us to see, we can detect an ongoing MITM of this variety even when the certificate presented is valid. The tool we have developed is in early testing now. We call it CertWatch.

The premise is simple. The server administrator knows exactly what public/private keypair they are using (or can easily find out) and publishes this in DNSSEC-signed DNS records for our tool to find. The tool then periodically polls the XMPP server over Tor to see what certificate is presented. If the key in the certificate matches the key in the DNS zone, we know the session is not MITM’d (some caveats below). CertWatch checks the current setup of any domain entered, and if not yet declaring any keys, it displays setup instructions. It will either tell you to enable DNSSEC or it will tell you which DNS records to add. Note that these records are additive, so it is safe to add multiple sets when serving multiple domains from one host through SRV records. Once everything looks good, running a domain through CertWatch will display a success message and instructions for getting notified of any issues. It will then poll the domain periodically, and if any key mismatches are found, those subscribing to notifications will receive an alert.

Some tools change your key on every certificate renewal, which means you would have to update your zone setup every time your certificates renew. Other tools allow you to reuse existing keys and save some hassle, such as certbot with the --reuse-key option.

Caveats

If we did our polls from our main server IPs, it would be easy for any attacker to detect our probes and selectively disable the MITM attack for us, making themselves invisible. Probing over Tor gives CertWatch a different IP for every request and a traffic profile almost certainly consistent with the sort that many MITM attackers are going to want to inspect. This is not perfect, however, and it may be possible to fingerprint our probes in other ways to selectively MITM some traffic and ignore others. Just because our tool’s sessions were not MITM’d does not prove that no sessions are.

Anyone with physical access to the server may also scrape the actual certificates and keys off the disk, or use similar techniques in order to execute a MITM with exactly the same key the server operator expects and would use. The particular mitigation technique CertWatch helps administrators implement is ineffective against this. Rotating the key occasionally may help, but it really depends on the sophistication of the attacker and how much access they have.

Check it Out

So head over to CertWatch, enter your service domain, and let us know what you think.

Newsletter: New website, new forums, new app feature

singpolyma@singpolyma.net

Hi everyone!

Welcome to the latest edition of your pseudo-monthly JMP update!

In case it’s been a while since you checked out JMP, here’s a refresher: JMP lets you send and receive text and picture messages (and calls) through a real phone number right from your computer, tablet, phone, or anything else that has a Jabber client.  Among other things, JMP has these features: Your phone number on every device; Multiple phone numbers, one app; Free as in Freedom; Share one number with multiple people.

This month we launched a full rewrite of our website.  While this rewrite was mostly precipitated by changes at our primary carrier partner, we managed to get a few improvements in there as well.  First of all, the search box on the homepage now accepts more than just area codes: a city then comma then two-letter state or province code is accepted, as well as zip codes or vanity patterns (like ~woof or ~1234).  This search is also now powered by XMPP commands in the backend, so you can now get a JMP number entirely without ever visiting the website, just talk to cheogram.com and send register jmp.chat to get started.

Next, our community has been testing more features in the pre-release Cheogram app.  This app is available to anyone who wants to test it by coming by the chatroom and asking for access.  When the app is a bit more ready, it will be released on F-Droid, hopefully in Q1 2022.  The big new feature right now is dialer integration.  This allows anyone using the app with cheogram.com added to their contacts to head to their native Android dialer and visit Settings > Calls > Calling accounts in the menu.  From there it should be possible to enable the calling account associated with your Jabber ID and then dial out directly from your native Android dialer app over JMP!  Any questions about this feature or the Cheogram app in general should be directed to the chatroom.

As our community grows it makes sense to reach more people where they are at, and not just hang out where we are most comfortable.  This month the freedomware project we sponsor and rely on, Sopranica, is opening two more venues where you will be able to get news from JMP or discuss the project generally: Lemmy and Reddit.  Here is the new complete list of official ways to communicate with our community:

Thanks for reading and have a wonderful rest of your week!

Creative Commons Attribution ShareAlike