macOS OCSP “telemetry”—Explainer and Mitigation with Noise

“Why is Apple spying on us?”

An OCSP request for a mozilla.org certificate, sent by Firefox in plaintext and captured with Wireshark. You can query the serial number like this.
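As an added example (not code from the original post), the following Python decodes the fields a plaintext OCSP request carries on the wire, which is what lets a passive observer of a capture like the one above read the issuer hashes and the serial number of the certificate being checked. The issuer bytes and serial used to build the sample request are constructed, not a real CA's values.

```python
import hashlib

def der_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(value):
    """Split a constructed DER value into its child (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_ocsp_request(der):
    """Return one dict per CertID in an OCSPRequest: issuer hashes (hex) and serial (int)."""
    _, ocsp_request, _ = der_tlv(der)
    tbs = der_children(ocsp_request)[0][1]  # tbsRequest
    # optional [0] version / [1] requestorName precede requestList (universal SEQUENCE, 0x30)
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)
    cert_ids = []
    for _, request in der_children(request_list):
        cert_id = der_children(request)[0][1]  # reqCert
        _alg, name_hash, key_hash, serial = der_children(cert_id)
        cert_ids.append({"issuer_name_hash": name_hash[1].hex(),
                         "issuer_key_hash": key_hash[1].hex(),
                         "serial_number": int.from_bytes(serial[1], "big")})
    return cert_ids

def der_encode(tag, content):
    n = len(content)  # minimal DER TLV encoder, short and long length forms
    if n < 128:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

SHA1_ALG = der_encode(0x30, der_encode(0x06, bytes.fromhex("2b0e03021a")) + der_encode(0x05, b""))

def build_ocsp_request(issuer_name, issuer_key, serial):
    """Unsigned OCSPRequest with one sha1 CertID, shaped as a client sends it."""
    serial_der = der_encode(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))
    cert_id = der_encode(0x30, SHA1_ALG + der_encode(0x04, hashlib.sha1(issuer_name).digest())
                         + der_encode(0x04, hashlib.sha1(issuer_key).digest()) + serial_der)
    # Request -> requestList -> tbsRequest -> OCSPRequest, each a SEQUENCE
    return der_encode(0x30, der_encode(0x30, der_encode(0x30, der_encode(0x30, cert_id))))

SAMPLE_SERIAL = 0x0123456789ABCDEF  # constructed: issuer bytes and serial are made up, not a real CA's
SAMPLE = build_ocsp_request(b"constructed issuer DN", b"constructed issuer key", SAMPLE_SERIAL)
```

Feeding the bytes of a real capture to parse_ocsp_request shows the same three fields, which is why an unencrypted request identifies the exact certificate even though it carries no hostname.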

Complexity in trust

Ew, gross.
Example: My domain’s certificate was issued by Let’s Encrypt Authority X3, whose certificate was issued (cross-signed) by DST Root CA X3, whose certificate is listed in (trusted by) the root stores, all individually maintained by at least five different parties. Diagram on the right created by crt.sh.
Code signature information of trustd.
The TLS certificate for ocsp.entrust.net directs its own OCSP queries to ocsp.entrust.net.
From WWDC18, I think. I miss a crowd. Any crowd.
Sending status_request extension request. The payload — Apple PKI OCSP request — gets encrypted by the TLS layer, and as of TLS 1.3, the extension response — TLS OCSP response — is also encrypted.

What can you do now?

Noise. Can you spot the “real” dots?
apple-ocsp-noiser in action.

Security Researcher || Software Developer · make break software · https://kidi.ng

Dongsung Kim