AndroidTacticalAssaultKit-CIV
network security settings hamstrung by ATAK source code
The default configuration of ATAK comes overly permissive with a number of attack surfaces, and it is incumbent on the end user to manually discover these security holes and disable them as needed according to intended network usage. (Aside: please strongly consider providing some centralized clearinghouse of 'network deployment' documentation on all these.)
Some of the input port controls are conveniently centralized in Settings > Network Connections > Manage Inputs. Others, like the Network GPS vulnerability that allows a remote attacker to override the user's location, are hidden away in other menus like Settings > Device Preferences > GPS Preferences > GPS Option (which should be set to "Internal GPS Only" to seemingly prevent a remote attack on this particular vulnerability).
Other such settings can't be accessed via the GUI at all and must be set via a preferences settings file.
The preferences setting being highlighted in this particular Issue is "filesharingSecureWebServerPort", which is particularly onerous because the ATAK code overrides certain user-provided values in the preferences settings file.
./commoncommo/core/impl/cotmessage.cpp is written to check if httpsPort is MP_LOCAL_PORT_DISABLE (-1) and adapt its behavior accordingly. This is not at issue.
What is at issue is what happens if the user tries to set "filesharingSecureWebServerPort" to -1 to exercise this code. The ATAK code silently overrides such user attempts:
./atak/ATAK/app/src/main/java/com/atakmap/android/missionpackage/MissionPackageMapComponent.java:490
    if (securePort < 1)
        securePort = WebServer.DEFAULT_SECURE_SERVER_PORT;
I anticipate the question that will be asked at this point is: why would you want to disable this? I hear you say: surely, since this feature is named "secure", that must make it better to use, right?
If you think this, please look at:
./commoncommo/core/impl/missionpackagemanager.cpp:1643
    // Don't verify certs for peer hosted transfers
The user is better off being given the choice to defeat this security theater and having one less attack surface to worry about.
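The override reported above, next to a variant that honors the -1 sentinel, as an added example that is not ATAK's code and is not part of the original issue. The class and method names are hypothetical, the default port value is a constructed placeholder, and the idea that the caller skips starting the listener when no port is returned is an assumption.

```java
import java.util.OptionalInt;

public class SecurePortPreference {
    // Sentinel value named in the issue (MP_LOCAL_PORT_DISABLE in commoncommo).
    static final int MP_LOCAL_PORT_DISABLE = -1;
    // Constructed placeholder: the real value of
    // WebServer.DEFAULT_SECURE_SERVER_PORT is not shown in the issue.
    static final int DEFAULT_SECURE_SERVER_PORT = 44300;

    // Behaviour quoted in the issue: every value below 1, including the
    // disable sentinel, is silently replaced by the default port.
    static int resolveAsQuoted(int securePort) {
        if (securePort < 1)
            securePort = DEFAULT_SECURE_SERVER_PORT;
        return securePort;
    }

    // Hypothetical alternative: -1 means "do not listen"; only other
    // out-of-range values fall back to the default.
    static OptionalInt resolveHonoringDisable(int securePort) {
        if (securePort == MP_LOCAL_PORT_DISABLE)
            return OptionalInt.empty();
        if (securePort < 1 || securePort > 65535)
            return OptionalInt.of(DEFAULT_SECURE_SERVER_PORT);
        return OptionalInt.of(securePort);
    }

    public static void main(String[] args) {
        // Constructed sample preference values: the sentinel, an invalid
        // zero, a valid port, and a value above the TCP port range.
        int[] samples = { -1, 0, 8443, 70000 };
        for (int pref : samples) {
            OptionalInt honored = resolveHonoringDisable(pref);
            System.out.printf("pref=%6d  quoted=%5d  honoring-disable=%s%n",
                    pref, resolveAsQuoted(pref),
                    honored.isPresent()
                            ? String.valueOf(honored.getAsInt())
                            : "listener not started");
        }
    }
}
```

With the quoted logic a preference of -1 never reaches the MP_LOCAL_PORT_DISABLE check in cotmessage.cpp, because it has already been rewritten to the default port.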