Author Archives: wunderbarb

Japan: iPod taxed?

Posted on by
Reply

Japanese government plans to tax iPods and other hard disk equipped portable players. The DVD recorders have already such a tax. The tax would probably be around 100yens (0.61€) A similar tentative failed in December 2005.

Many countries adopt similar strategy. Recently, French government planned to extend its copyright tax to iPhones (for about 7€). Obviously, each time, consumer electronics industry fight back.

This type of tax opens a gray area. For instance, is it legal then to rip DVD content for copy (even if it is not granted by studios)?

Discreet large scale attack on the net

Posted on by
Reply

In January 2008, tens of web servers have been hacked by the same exploit. These web servers were all using Apache. The infected web servers added a discreet call to to java script to the main page of the hosted sites. Once executed by the visiting browser, the java script checked vulnerabilities to load some malware onto the visiting hosts. The final goals of the installed malware was to load a binary to create botnets. The infected sites were very different ranging from hospitality promotion to sales of automotive replacement parts and even one security dedicated site.

The attack was extremely sophisticated. The attacker used ptrace to inject code in the memory of the Apache server. Thus, there was no modification of the files on the server! The name of the java script was changed randomly for each new visit. If the same IP address visited a second time the site, the java script was not appended to the downloaded page. The java script itself was obfuscated. The final binary that is loaded is extremely wise. It is highly visible with a reassuring name (regscan.exe). It modifies Internet Explorer to bypass potential firewalls.

The aim of this attack was clearly financial. Access to an infected computer for a botnet can be negotiated around 1$. These zombies are extremely useful to run spam or adwares. Interestingly, two weeks after the detection of the attacks, the attacker cleaned the servers he/she infected. The attacker was looking for discretion and not for the sunlights of the media.

This attack shows that hacking becomes an interesting business handled by extremely skilled attackers. We are far from the script kiddies or the geeks who were looking for fame. This story also highlights that you are always at risk, even if you do not visit “risky” sites. “Innocent” sites may infect your computer.

Law 4: Trust no one. Keep your computer up-to-date with all the patches. It is a tedious task, but mandatory. The java script was looking for known vulnerabilities that could have been patched.

For more information, read BUREAU M., Infection sur la toile, in MISC n°7, May/June 2008

Controlling fabless chips

Posted on by
Reply

More and more silicon manufacturers are becoming fabless. It means that they make their own design, but the actual manufacturing is done by another company. Unfortunately, they loose control on production. Thus, they face two types of piracy:

  1.   Manufacturers making more components than expected and selling them through illegal distribution channels.
  2. Pirating intellectual property through stealing some parts of the design.  Although not well-known from media, this piracy is serious.

At last USENIX workshop, Dr KOUSHANFAR from Rice University presented a system that may solve this problem. It is the result of more than 6 years of research.

The idea is rather simple. On a selected set of wires of the Integrated Circuit (IC), a basic circuitry is inserted. Thus, the path of an intercepted wire is driven by a bit. Depending on the value of the bit, the wire will go where it should to behave correctly, or go somewhere else generating a bogus chip. This set of bits form a long key, so called common key: CK. In addition every chip generates a public/private key pair using a hardware true random number generator. Then, using a typical secure link protocol, the IC designer can transmit for a given chip (identified by its public key) CK into the chip. The chip stores this key and can be then sold. Of course without the right value of CK, the chip does not work.

The paper discloses difficult attacks: either to reverse engineer the circuit to find the right value of key and create a new mask with the burnt key, either to get access to the private key of the IC designer. Another attack (not described) would be to cheat the true random number generator in order to have the same public/private key pair for batches of ICs.

Unfortunately, the paper did analyze the security only with piracy in mind. There is another important risk: denial of service. If during the life of an IC, an attacker may overwrite the CK of a good chip with a random value, then the attacker can stop any system using this type of chip.

The idea may also be used for controlling the distribution of secure chips. The secure chip should be fully functional only once personalized.

A concept to watch closely…

The corresponding paper is available at here

History: the secure line between Kremlin and Elysée

Posted on by
Reply

In January 1968, France sold to USSR equipment to securely cypher the direct line between Kremlin and Elysée (The French equivalent of US White House). The price of the equipment was about 125,000F. The simplified description of the equipment clearly shows that it is based on One Time Pad. The devices were encrypting and decrypting with random tape (appareils de chiffrement et de déchiffrement par bandes aléatoires).

It was common knowledge that the protection of White House and Kremlin’s direct line was one time pad. It was also the case for the line between France and USSR but with French equipment.

Are they still using one time pads? or less theoretically secure systems but more user friendly?

For more information, read Quand l’Elysée équipait le Kremlin (in French)

Big gun is back (conclusion of the story?)

Posted on by
Reply

Recently I reported the on-going lawsuit between Echostar and NDS. (see the news). On the 19th May, the court of Santa Ana, California, settled down the case. The jury estimated that NDS violated federal and state laws prohibiting piracy, but did not use it for seeding piracy of the operator. NDS will have to pay $1,500 (1,000€) of damages to Echostar. Echostar estimated the loss around 900M$. NagraStar, who accused NDS to have broken into its network, was awarded no damages.

NDS acknowledged that it used former hacker to enhance the security of conditional access systems. NDS must be relieved. This court decision is a good signal to every industrial and academic security teams that act has white hacker.

Predictable random generator in Debian’s OpenSSL

Posted on by
Reply

On 13th may, Debian announced that Luciano Bello discovered a weakness in the random generator used for OpenSSL. A line of software was removed “for quality reasons”.

/*
* Don’t add uninitialised data.
MD_Update(&m,buf,j); /* purify complains */
*/

Checking tools such as Purify or Valgrind complained that variable buf was not initialized. Thus, it was decided to remove this line. Unfortunately, the random generator used two parameters as random seed: its process ID and this random buffer buf! The range of value of process ID is 32,768. In other words, without the contribution of buf, the seed of the random generator was too small. The random generator was predictable. The keys generated by DEBIAN OpenSSL are predictable, thus weak.

Of course, the mistake has immediately been corrected. The first weak version has been published in September 2006. All cryptographic keys generated by these versions of OpenSSL should be treated as compromised material. New keys should be generated with the latest version. Other distributions of OpenSSL are not concerned. Nevertheless, they may handle DEBIAN generated keys and thus be in danger when using these keys.

Conclusions:

  • Quality checking tools are useful tools. Nevertheless, their results have to be used with judgment. This is specially tool in the field of security where sometimes it is mandatory to “violate” quality heuristics. A typical example is code obfuscation which objective is to artificially increase the complexity of software (whereas quality requests to reduce the complexity)
  • It took more than 18 months for somebody to detect the impact of this modification.
  • Being paranoid, I would say this delay is rather sufficient for a well organized attacker to maliciously had some reasonably smart trapdoor in an open source package and then exploit it against her target.
  • Open source allowed to detect this weakness :Happy: Open source allowed also to introduce this weakness :Sad: Nevertheless, I believe that the pros are higher. Probably there is a critical size of reviewers to reach for gaining some confidence.
  • Not everybody is able to write (and understand) security code.

Thanks to Gomor for the link.

Designing and implementing malicious hardware

Posted on by
Reply

A group of researchers from the University of Illinois (USA), led by Samuel KING, disclosed a new breed of stealth attacks at the Usenix Workshop on Large-Scale Exploits and Emergent Threats. They have implemented in a SPARC CPU two stealth functions. A first function allows bypassing the privilege protection of memory access. A second function, more complex, puts the processor in a shadow mode that may execute some tiny shadow program while being invisible to the external hardware. The added complexity was less than 0.1% of logical gates.

Obviously, these functions break all the security assumptions on which most (if not all) systems are based. It is then rather “easy” to generate exploits. They demonstrated a privilege escalation (through the memory access), and how to steal passwords by hooking write function (through the shadow mode). Interestingly, these attacks operate beneath system and OS. thus they are deeper than rootkits and may be stealthier. If well designed the modifications of the chip are extremely difficult to detect from outside. The only efficient method is reverse engineering that is costly.

How dangerous is this attack?

  1. This is an extremely complex attack. It requires knowledge in IC design and CPU architecture. Not for script kiddies or even garage hackers
  2. It requires access to the design of a chip. The researchers used a Field Programmable Gate Array (FPGA) with the open source Leon processor. Thus, the attack is feasible in case of an FPGA with access to the initial design. If the IC is a full custom, like normal CPUs, then it is more complex. Attacker needs access to full custom design system, masking facilities and silicon foundry.
  3. It requires physical access to the device to be hacked to ensure that it will use a circumvented IC rather than a genuine one.
  4. Thus, clearly it is an attack that could only be mounted by organized and well funded teams such a s government agencies or mafia.

It is also interesting the note the use of an idea disclosed in a recent patent to load bootstrap the shadow mode code. Searching information and ideas everywhere is the hacker true mindset.