Category Archives: Hack

Doom9 and BD+

Posted on by
Reply

It is now public knowledge. Doom9 hackers have reverse engineered the virtual machine at the core of BD+ protection (See issue #7 of security newsletter about more information on SPDC). The work is a master piece of reverse engineering (although the VM is rather simple and very near old 8-bit assembly language). Reading the thread of Doom9 is extremely instructive. You see how they operate and confirm our law #1.

One of the interesting lesson is the use of CRI’s patent to help understanding how it works. We always face the dilemna between securing Intellectual Property Rights through a patent or keeping trade secrets.

Can we claim that BD+ is broken? The answer is no. It would be similar to state that Java cards are broken because you have the java virtual machine. Paul Kocher’s team was wise enough no to base the trust model on the secrecy of the VM. I had discussion with him on that topic. The fight will now be at the level of the BD+ application. They will have to distinguish between good guys and bad guys. This will be the new arm race. The objective of BD+ designers will be to force to require a new pirate application for each title.

The speed of “erosion” of the different protections is impressive. We will follow the story.

Lenovo distribution with virus

Posted on by
Reply

On a regular basis, the security newsletter reports devices that are distributed with viruses. That CE devices are not security aware can be understood (although not excusable). But when a serious PC company delivers some software packages with malware in it, this is not acceptable. This what happened to Lenovo for their Lenovo Trust Key software for Windows XP. (Trust key with malware :Sad: ! Law 4: Trust no one is really true)
It would be interesting to learn when the malware infected the package. Nevertheless, it highlights that the package was not thoroughly tested before signature.
This must be the fear of any product line manager: shipping an infected software to the customers. The remedy is known: check all the package with a maximum of anti virus software before signature. This of course requires some financial investment (low compared to the cost in reputation) and some time investment. The databases of each anti-virus software have of course to be up to date. The remedy is so simple.
This highlights the need of security awareness at every level of an organization. Security is not stronger than its weakest link.

Homebrew: deeper and deeper

Posted on by
Reply

One of the most active hacking communities is the homebrew addict. They attempt to be able to run their own software, so called homebrew, on proprietary game consoles. And they are successful on many platforms: XBOX, Wii, iPhone, … Sony was smart when designing PS3. It allowed to run homebrew linux applications. This may perhaps explain the current resistant to hack. The homebrew community does not need to reverse engineer it.

To run their homebrews, they have to reverse engineer the system of the console. Although their aim is not to hack the games, they provide precious information to the game hacking community.

Latest exploit is for the Wii. Twizzer team is currently designing a hack, so called bootmii, that replaces Nintendo’s boot by their own boot. In other words, it will be the hacked boot that will control the console. Thus, it may come below the radar of Nintendo patches and upgrades.   🙁

They analyzed the chain of trusted boots and detected the first element of the chain that could be replaced (in this case boot2). And due to a bug that allows to illegally sign a piece of code, they replaced boot2 by bootMii. BootMii is not yet finalized. BootMii will be an extraordinary hacking tool for the Wii.

Nintendo may fix the signature bug. But it will only impact the future deployed products. The bug is in the non rewritable part of the deployed consoles.

Conclusion: Examine carefully your business model when eliminating howmebrew applications from the feature list.

Is WIFI still secure

Posted on by
Reply

This week, several news seemed to shake the basement of WIFI security. The first news was about WPA/WPA2 and the second one about WEP.

ElcomSoft is a company that designs tools to retrieve lost passwords. Their latest product adds two new features. First, it distributes the workload on distributed computers. Second, it may use NVidia Graphical Processing Unit (GPU) to gain a factor 20 in processing time compared to simple CPU. They announced a gain of 100 for cracking WPA/WPA2 passwords.

Of course, immediately the press has “reported” this exploit without often many insights. I have even seen some blogs reporting a gain of 10,000. The “exploit” of ElcomSoft is to use GPU and distributed computing. This is not new. Remember the use of several PS3 with cells to create collisions for SHA1 (See Security Newsletter #9). ElcomSoft still uses brute force against WPA/WPA2. Thus, good luck and a lot of patience.

The second news is that a Japanese researcher, Masakatsu MORII, who succeeded to crack WEP key in less than 1 second. He announced this exploit at CSS2008. The Japanese presentation is available at http://srv.prof-morii.net/~morii/image/CSS2008/CSS081010_WEP_slide.pdf (password WPE2008). We will have to wait some time to get an English version. It will be interesting to analyze the attack to see if it opens new methods to break keys. He drastically accelerated compared to the last exploit at 6 minutes. Nevertheless, WEP is considered for many years as too weak to protect Wifi. This is just nailing once more WEP’s coffin.

Was security of Wifi reduced this week? Clearly not with these announcements. The first one seems to be more a promotional trick to increase awareness of ElcomSoft. The second one hacks an already dead algorithm. By the way, check that you do not use WEP to protect your personal wireless network. I am sure you are already using WPA2

Red Hat compromised

Posted on by
Reply

In august, Red Hat informed that some packages of OpenSSH have been illegally signed. An intruder succeeded to penetrate Red Hat’s IT infrastructure and to access the signing computer of Red Hat. Thus, he succeeded to sign his/her own variants of OpenSSH. There was no evidence that they leaked out. Nevertheless, Red Hat provided tools to detect these variants and issued a new clean version signed with a new signature key. the old one will be revoked.

This is extremely serious. Today, most trust models are based on the assumption that the access to signing key is secured. Three main events may shatter this assumption for company X:
– company X’s private key leaks out. Then Alice, Bob, Eve are able to sign on the behalf of company X
– Alice is able to get company X to sign without controlling the data
– Alice is able to get a trusted certification authority to issue a digital certificate with the name of company X. Then Alice can impersonate company X. This is what happened in March 2001 with Verisign and Microsoft (see http://news.cnet.com/2100-1001-254586.html.

In this case, it is second attack.

Signature key is the core of many security system. It is the most important asset to protect. Red Hat probably protected correctly it (there is no evidence that the key leaked out), but not its usage. Security policy definition and implementation is a big problem.

Blocking theft of cycles using RFID

Posted on by
Reply

In UK, an interesting experiment, called WASP, uses RFID against theft of bicycles. Kryptonite designed a lock equipped with RFID and a motion sensor. The concept combines several elements:

  • The lock
  • A detector of RFID that covers a zone
  • A CCTV system that covers the same zone.

If ever the lock is moved, it activates the RFID. This is detected by the RFID readers which trigger a signal in the CCTV central. It is then possible to visualize who is trying to steal the bike.

The more constraining part of the system is the activation of the system. When the user stores his bike, he has to phone to a central system to indicate the identification of the area of protection. This starts the protection phase. When the user wants to take back his cycle, he has to phone back to the central system before unlocking the bike. WASP system is currently being tested at the University of Portsmouth.

Law 6 is once more interesting. As could have been expected, many people are already not anymore activating the phone call. The lock being blinking, they expect it to be deterrent enough. The activation phase seems to me very constraining. You will have two types of false positive: people who inadvertently move the bike, thus the lock, and of course the owner who forgot to call back to trigger deactivation.

In any case, an interesting combination.

To learn more, a presentation and the operator SOS Response

Adobe fake flash player

Posted on by
Reply

A new worm seems to use social engineering to install malware. The worm asks to load a newer version of Adobe Flash Player and of course provides a link to this upgrade. The upgrade in fact is a fake one with real malware. The social engineering part is nicely done because it uses one of the most freely available software in the world (Adobe Flash Player) and nobody knows when an upgrade is available. Today, it is extremely current to upgrade the installed software.

Adobe proposes the following remedies:

  • Load upgrade and installers only from adobe.com site
  • Verify that the installer is signed with a certificate belonging to Adobe.

The two remedies are very good ones that should be generalized to every installation. Although they have some limits:

  •  It is rather common to download installation from many sites that are not the sites of the developing team. It is less convenient to search for the issuer site than take the first site offering it. For instance Adobe Flash Player is available in many places. I tried to search on Google France. Fortunately, the first site proposed was adobe.com. But I found many other ones. Should I trust them?
  • How many people are able to analyze a digital certificate? Furthermore, some very respectable companies use expired certificates or with an unknown root certificate.

Once more, we end up with the need to educate users. A lot of work to do here.