Security
Protecting the network data of one billion people: Breaking network crypto in popular Chinese mobile apps
In this talk, I will describe how my team and I systematically exploited around a dozen home-rolled network encryption protocols used by popular mobile apps like RedNote, Alipay, and some of the most popular mobile browsers in China to encrypt sensitive information. I'll demonstrate how network eavesdroppers could access users' browsing history and mobile activity.
This is a systemic issue; despite our work on the above protocols and the resulting vulnerability disclosures, this plague of home-rolled and proprietary encryption is still at large. I will end by discussing how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere.
TLS is not as universal as we might think. Applications with hundreds of millions of active users continue to use insecure, home-rolled proprietary network encryption to protect sensitive user data. This talk demonstrates that this is a widespread and systemic issue affecting a large portion of the most popular applications in the world. These issues are particularly concentrated in mobile applications developed in China, which have been overlooked by the global security community despite their massive popularity and influence.
To study this problem, I designed and implemented WireWatch, a pipeline to evaluate the network security of Android apps, for my PhD thesis dissertation. WireWatch measures apps’ usage of plaintext network traffic and non-standard, proprietary network cryptography. We found that 47.6% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51% of top Google Play Store applications. We analyzed a variety of protocols from WireWatch, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. Of the top 9 protocol families, we discovered vulnerabilities in 8 that allowed network eavesdroppers to decrypt underlying data. We also discovered additional vulnerabilities in several other protocols used by apps with hundreds of millions of users.
Through the vulnerabilities fixed as a result of this work, this research has directly improved the network security of up to one billion people. However, there were hundreds more proprietary protocols used by popular applications that we discovered. Verifying all of their security through manual reverse-engineering and vulnerability reporting is not feasible at this scale. What can we do as a community to fix this systemic issue and prevent such failures from occurring in the future?
Additional information
| Live Stream | https://streaming.media.ccc.de/39c3/one |
|---|---|
| Type | Talk |
| Language | English |
More sessions
| 12/27/25 |
The Great Firewall of China (GFW) is one of, if not arguably the most advanced Internet censorship systems in the world. Because repressive governments generally do not simply publish their censorship rules, the task of determining exactly what is and isn’t allowed falls upon the censorship measurement community, who run experiments over censored networks. In this talk, we’ll discuss two ways censorship measurement has evolved from passive experimentation to active attacks against the Great ...
|
| 12/27/25 |
Reports of GNSS interference in the Baltic Sea have become almost routine — airplanes losing GPS, ships drifting off course, and timing systems failing. But what happens when a group of engineers decides to build a navigation system that simply *doesn’t care* about the jammer? Since 2017, we’ve been developing **R-Mode**, a terrestrial navigation system that uses existing radio beacons and maritime infrastructure to provide independent positioning — no satellites needed. In this talk, ...
|
| 12/27/25 |
Zwei Jahre nach dem ersten KIM-Vortrag auf dem 37C3: Die gezeigten Schwachstellen wurden inzwischen geschlossen. Weiterhin können mit dem aktuellen KIM 1.5+ nun große Dateien bis 500 MB übertragen werden, das Signaturhandling wurde für die Nutzenden vereinfacht, indem die Detailinformationen der Signatur nicht mehr einsehbar sind. Aber ist das System jetzt sicher oder gibt es neue Probleme?
|
| 12/27/25 |
While trying to apply fault injection to the AMD Platform Security Processor with unusual (self-imposed) requirements/restrictions, it were software bugs which stopped initial glitching attempts. Once discovered, the software bug was used as an entry to explore the target, which in turn lead to uncovering (and exploiting) more and more bugs, ending up in EL3 of the most secure core on the chip. This talk is about the story of trying to glitch the AMD Platform Security Processor, then ...
|
| 12/27/25 |
The Deutschlandticket was the flagship transport policy of the last government, rolled out in an impressive timescale for a political project; but this speed came with a cost - a system ripe for fraud at an industrial scale. German public transport is famously decentralised, with thousands of individual companies involved in ticketing and operations. Unifying all of these under one national, secure, system has proven a challenge too far for politicians. The end result: losses in the hundreds of ...
|
| 12/27/25 |
In August 2024, Raspberry Pi released their newest MCU: The RP2350. Alongside the chip, they also released the RP2350 Hacking Challenge: A public call to break the secure boot implementation of the RP2350. This challenge concluded in January 2025 and led to five exciting attacks discovered by different individuals. In this talk, we will provide a technical deep dive in the RP2350 security architecture and highlight the different attacks. Afterwards, we talk about two of the breaks in ...
|
| 12/27/25 |
FreeBSD’s jail mechanism promises strong isolation—but how strong is it really? In this talk, we explore what it takes to escape a compromised FreeBSD jail by auditing the kernel’s attack surface, identifying dozens of vulnerabilities across exposed subsystems, and developing practical proof-of-concept exploits. We’ll share our findings, demo some real escapes, and discuss what they reveal about the challenges of maintaining robust OS isolation.
|
