What’s going on in MTN-Irancell’s WiMAX network? Where does it come from? Whose is it? And finally, is it secure?
Actually these are my questions too! But I’ve found a few things that made me feel insecure while working on Irancell’s network!
So, where to start? Just plug in the power cable, then connect the Ethernet cable to a computer, and surf the Internet … NO! First we have to log in to a portal like this:
But let’s check it again … the page is using HTTPS, cool! But wait a second, after checking the SSL certificate I noticed the first problem; this is the certificate, and this is the output of the OpenSSL x509 utility:
mahrud@eve:~/$ openssl x509 -in 172.23.130.41.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1249623964 (0x4a7bbf9c)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei, OU=RM9000, CN=Huawei
        Validity
            Not Before: Aug  7 05:46:04 2009 GMT
            Not After : Mar  1 05:46:04 2108 GMT
        Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei, OU=RM9000, CN=Huawei
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:bc:97:64:7a:70:1d:00:5c:10:83:d8:35:8e:63:
                    9c:dd:4d:4c:7d:5d:f3:f0:e2:64:d1:d7:d2:7e:96:
                    70:69:54:d3:32:9e:90:df:1a:b7:3d:2c:04:ad:ac:
                    10:6f:b5:c4:a2:a4:04:06:60:1f:23:97:56:70:38:
                    ab:62:5d:5f:b2:78:24:4f:42:ff:00:94:64:bf:c7:
                    75:74:29:3e:0c:47:00:56:a9:41:3e:db:9c:85:ac:
                    ca:89:0d:22:6d:00:54:b3:c4:65:2c:d8:23:01:ec:
                    3b:1d:96:48:e8:4a:a0:60:aa:fe:c9:b7:a0:15:8a:
                    c2:48:af:38:0f:1b:a3:65:c5
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
        5c:fb:5b:46:60:06:77:7e:90:86:59:0d:ae:c6:7d:da:e6:14:
        b6:c8:6d:cf:76:ea:8a:cb:db:8e:63:aa:80:7b:b2:aa:8a:81:
        04:fd:50:58:f1:20:98:f2:b1:52:66:95:04:8d:e0:45:7e:b6:
        32:bc:98:59:45:1e:e0:0d:cb:f2:ca:5b:9c:5f:83:6e:cc:5d:
        97:6e:21:e3:5d:e5:cf:9b:08:08:72:d6:e7:58:b2:71:46:0e:
        ba:ea:1c:7a:ce:ae:00:d4:07:25:cf:fc:bb:4c:2b:70:1c:60:
        6b:59:1e:9b:08:2c:c9:fa:b2:6c:3a:11:01:a8:60:4d:b6:3c:
        5b:11
THIS IS A SELF-SIGNED X.509 CERTIFICATE WHOSE ISSUER IS HUAWEI! Even the country and city are in China! So does that mean they just copied Huawei’s certificate? I don’t think so. Take a look at the certificate’s validity period: it starts at Aug 7 05:46:04 2009. I’m not sure, perhaps this is when they configured the system. Now look at the OU (Organizational Unit): RM9000. Where is that? What does it mean? I don’t know!
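Here is a small triage script, added to this post as an example and not part of the original or of any vendor tooling, that runs over the `openssl x509 -text` dump above (trimmed to the fields it reads) and reports the properties a reviewer would flag: issuer equal to subject (self-signed), a CN that does not match the address the portal was reached at (172.23.130.41 is taken from the .pem filename in the command), a validity period far beyond any sane ceiling, a 1024-bit RSA key, and a SHA-1 signature. The thresholds (825 days, 2048 bits) are assumed policy defaults, and the script works on any other `openssl x509 -text` output fed to it the same way.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the `openssl x509 -noout -text` dump from the post,
# trimmed to the fields the checks below read (modulus and signature bytes omitted).
SAMPLE_DUMP = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1249623964 (0x4a7bbf9c)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei, OU=RM9000, CN=Huawei
        Validity
            Not Before: Aug  7 05:46:04 2009 GMT
            Not After : Mar  1 05:46:04 2108 GMT
        Subject: C=CN, ST=Jiangsu, L=Nanjing, O=Huawei, OU=RM9000, CN=Huawei
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
"""


def parse_openssl_time(text):
    """Parse OpenSSL's 'Aug  7 05:46:04 2009 GMT' notation into an aware datetime."""
    # OpenSSL prints validity times in GMT; drop the zone name and attach UTC.
    text = re.sub(r"\s+GMT$", "", text.strip())
    return datetime.strptime(text, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_x509_text(dump):
    """Extract the fields worth triaging from an `openssl x509 -text` dump."""
    def grab(pattern):
        match = re.search(pattern, dump, re.MULTILINE)
        return match.group(1).strip() if match else None

    issuer = grab(r"^\s*Issuer:\s*(.+)$")
    subject = grab(r"^\s*Subject:\s*(.+)$")
    not_before = parse_openssl_time(grab(r"^\s*Not Before:\s*(.+)$"))
    not_after = parse_openssl_time(grab(r"^\s*Not After\s*:\s*(.+)$"))
    key_bits = grab(r"Public-Key:\s*\((\d+) bit\)")
    cn = re.search(r"(?:^|,\s*)CN=([^,]+)", subject or "")
    return {
        "issuer": issuer,
        "subject": subject,
        "common_name": cn.group(1).strip() if cn else None,
        "not_before": not_before,
        "not_after": not_after,
        "validity_days": (not_after - not_before).days,
        "key_algorithm": grab(r"Public Key Algorithm:\s*(\S+)"),
        "key_bits": int(key_bits) if key_bits else None,
        "signature_algorithm": grab(r"^\s*Signature Algorithm:\s*(\S+)"),
    }


def triage(cert, expected_host=None, max_validity_days=825, min_rsa_bits=2048):
    """Return the findings a reviewer would raise for a parsed certificate.

    The thresholds are assumed policy defaults: 825 days as a lifetime ceiling
    and 2048-bit RSA as the key-size floor. `expected_host` is the name or
    address the portal was actually reached at.
    """
    findings = []
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed: issuer and subject are identical")
    if expected_host and cert["common_name"] != expected_host:
        findings.append(
            f"name mismatch: CN={cert['common_name']!r} but reached as {expected_host!r}")
    if cert["validity_days"] > max_validity_days:
        findings.append(
            f"validity of {cert['validity_days']} days exceeds {max_validity_days}")
    if cert["key_algorithm"] == "rsaEncryption" and cert["key_bits"] < min_rsa_bits:
        findings.append(f"weak key: {cert['key_bits']}-bit RSA")
    sig = (cert["signature_algorithm"] or "").lower()
    if sig.startswith(("md5", "sha1")):
        findings.append(f"deprecated signature hash: {cert['signature_algorithm']}")
    return findings


if __name__ == "__main__":
    parsed = parse_x509_text(SAMPLE_DUMP)
    # 172.23.130.41 is the address from the .pem filename in the post.
    for finding in triage(parsed, expected_host="172.23.130.41"):
        print("FINDING:", finding)
```

Every one of the five checks fires on this certificate. The validity span alone works out to 36000 days, and a client that reached the portal by IP address gets both a self-signed warning and a name mismatch, which trains users to click through exactly the warning that would otherwise reveal an interposed certificate.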
Conclusion
I really don’t know what I can say! After all these things, I have nothing but more questions: Why did they use Huawei’s information in that self-signed certificate? It could be a simple cert generator script, but what worries me is the possibility that this is not the only thing that our engineers’ eyes didn’t catch; this might look like a simple mistake by either party in a business contract, but it could give Chinese hackers or even their government an easy opportunity for organized espionage.