ROCA Rocks the Crypto Industry That Was KRACK’d Only Days Ago

The security/cryptography industry has recently taken a battering. Hot on the heels of the KRACK WiFi network vulnerability comes an even bigger, more calamitous and more widespread hazard – the ROCA hack has exposed millions of smartcards, laptops, devices and secure systems to potential criminal activity.

Infineon Technologies AG is a multi-billion dollar, 18-year-old German chipmaker that was originally part of Siemens, with 36,000 employees in 166 locations in over 25 countries. It claims to be “the leading provider of security solutions with robust, future-proof embedded security hardware”.

Infineon developed an encryption code library around 2012 that is compliant with recognized global security certification standards, yet it contains a deadly flaw. The fault means that many of the public cryptography keys it generates can be decomposed relatively easily to reveal the corresponding private key. That means that all of its keys are suspect and would not stand up in a court of law as proof that a named party digitally signed a document, or a piece of software, or government identity cards (e.g. Slovakia, Estonia). It also means that criminals could impersonate the true signatory. Hackers could inject malicious code into genuine software products and distribute them as though they were authenticated and digitally signed by the manufacturer.

Infineon did not perform adequate due diligence QA on the code library. As a result, some of its public keys, or moduli, are easily factored. At the core of many encryption systems is a very large integer that is calculated by multiplying two prime numbers together to arrive at a semiprime number. Some of Infineon’s public keys can be factored, since the component prime numbers can be reverse-engineered. Researchers can identify, or fingerprint, which public keys are vulnerable. Wikipedia defines key fingerprinting in public-key cryptography as “a short sequence of bytes used to identify a longer public key.”

In the ROCA hack (“Return of Coppersmith’s Attack”), researchers developed a version of an existing decryption method. It leveraged the vulnerability that the modulus, or public key, can be factored to reveal the crucial primes. Factorizing the public key still requires considerable computing power and time, and the researchers used Amazon cloud compute services as a benchmark to illustrate the effort and cost. Once a public key has been fingerprinted as being potentially factorizable using this tool, a 1024-bit key would take just a few minutes to break, at a mere cost of approximately $75. A 2048-bit key would cost about $40,000 to crack, and would take a little more than two weeks. A properly generated key would take millions of years to factor and could not be broken in practical terms. These estimates illustrate the relative strengths and weaknesses of weak and strong keys.

How widespread is this?

There are tens of millions of these Infineon RSA keys in the field. Also, Trusted Platform Modules (TPMs) are embedded chips that are designed to safeguard hardware by integrating crypto keys, and can generate secure keys and facilitate remote login by authenticating credentials. Many Windows devices manufactured by HP, Fujitsu, and Lenovo are impacted; Google Chromebooks are similarly affected. Any devices that utilize Infineon RSA technology must be patched.

Concerns for the security industry

The organization that leads global certification of encryption methods is the National Institute of Standards and Technology (NIST) and the most important standards are FIPS 140-2 Level 2 and the Common Criteria. This is the second credibility hit to affect encryption technology since four years ago, when Taiwan’s certified digital ID secure technology was discovered to contain a flaw that could enable a hacker to adopt another user’s persona. Standards and certification will surely be reassessed and strengthened to reclaim credibility.

Is there any good news?

Yes. The vulnerability applies only to keys that were generated by the Infineon RSA encryption technology. RSA keys generated with software such as PGP, OpenSSL, and similar are not impacted. Neither are non-RSA keys, such as those using Elliptic Curve Cryptography and other technologies. In any case, only keys that were generated by a smartcard or an embedded device using the Infineon code library exhibit this flaw.

Every WiFi Network in the World is Potentially at Risk

They have called it KRACK — Key Reinstallation Attack – and it uncovers a vulnerability in practically every modern WiFi network in the world. The flaw lies at the heart of the WPA2 security protocol that controls access and encrypts traffic. It can be leveraged to snoop on confidential information such as emails, credit card details, passwords and so on.

Who is impacted?

Businesses and individuals, institutions and enterprises, personal and corporate networks – every network that uses WPA2 or the older WPA1, with the ciphers GCMP, AES-CCMP and WPA-TKIP. Windows, Linux, Apple, Android, Linksys, MediaTek and OpenBSD have all been shown to be vulnerable to KRACK attacks. In fact, Android 6 users are most vulnerable.

What exactly is the flaw?

When a user connects to a WiFi network, WPA2 uses what is called a 4-way handshake to validate the user’s credentials and connect authorized users to the network. Step 3 of that handshake process involves generating a unique session key. The flaw means that the key generation process can be manipulated to either use a key from a previous session or, in the case of Android 6, to use a key containing all zeros. Hence the name Key Reinstallation Attack. A hacker could therefore pose as an existing legitimate user and tap into the data going to and from that user. A hacker could also inject malware into a data stream to or from a user. A more technical lowdown can be found here and here.

Is there any good news?

Yes indeed. Most websites that handle confidential data, such as banks and eCommerce sites, use the HTTPS secure layer protocol to encrypt traffic. The WPA2 vulnerability cannot compromise data that is encrypted by a method other than WPA2. This means that VPN traffic, for example, is not compromised. It is only plain old HTTP traffic that could be stolen. In any case, an attacker would have to be in close physical proximity in order to access any WiFi network, so it’s not like a vulnerability that can be leveraged from halfway across the globe over the Internet.

Who is to blame and could it have been avoided?

Founded in 1999, Wi-Fi Alliance is the not-for-profit organization formed by the major players worldwide that create and deliver the Wi-Fi ecosystem, on which billions of people depend every day. It says, “Today, Wi-Fi carries more than half of the internet’s traffic in an ever-expanding variety of applications.” Its website carries the announcement of the vulnerability published October 16.

Since this organization developed WPA2, any finger-pointing leads straight here, although it would be hypercritical to lay blame on a product that has stood the test of time in the 13 years since its release in 2004. Could it have been avoided? Could Daimler have avoided the recent recall of over one million Mercedes Benz automobiles for an air bag flaw? Of course, the answer is yes, in theory, but no product can claim to be 100% foolproof or flawless.

What next to protect WiFi users?

The researchers quite responsibly informed the relevant bodies discreetly, so that manufacturers like Microsoft had a month to develop security patches before the word got out. Users should update their devices. Microsoft users who subscribe to automatic updates will already have been upgraded. Android users should upgrade as soon as possible. However, as routers are almost never on an automatic upgrade program, many may never receive firmware upgrades. That may not be an issue as long as clients (users) upgrade their devices.

Here’s How Cybercriminals Stole $100 Million From EU Banks and Vanished Without Trace

A wave of financially-motivated cybercrime has hit European and former Soviet banks to reveal profound security weaknesses in the technology infrastructure that handles transactions and funds worth billions of dollars. But how do we stop the next generation of tech-savvy criminals? What security measures must institutions enact to prevent further hemorrhaging of funds in the wake of escalating attacks? First, let’s analyze what happened and why the criminals were so successful.

Yesterday’s drug mule is today’s cyber-foot soldier

The concept of a ‘mule’ is nothing new. Criminals recruit tourists, truck drivers, and other working-class individuals (with clean records) who have citizenship and a passport, and pay them to travel across borders carrying a dubious package they know little about, in exchange for a quick payday.

Today, hackers use mules to create bank accounts with fraudulent or stolen IDs. The mules then take the legitimate debit cards and pass them on to other mules who later make simultaneous withdrawals from ATMs in other countries.

While the mules perform the legwork and prep for the attack, hackers use targeted phishing scams to plant keylogging software on employee terminals where bank tellers and credit card processors work. Over time, they acquire access to the bank’s network and plant legitimate software like Mipko, a software package used to monitor employee terminals remotely. The minimal use of malware is one of the key reasons why these attacks failed to raise any red flags with the banks involved.

Modern banking institutions are frequently interlinked with third-party credit card processors, allowing hackers to freely move between networks and spy on employees until they get the credentials needed to access and modify the bank’s risk scores and overdraft protection limits. As soon as the online attack happens, mules on standby in numerous countries make simultaneous cash withdrawals from ATMs using the legitimate debit cards issued by the institution. This kind of attack exploits both the logistical weaknesses of ATM infrastructure and law enforcement’s difficulty in tracking down such a large number of co-conspirators who know very little, if anything, about the actual masterminds.

Hackers then cover their tracks by crashing the systems they used and rendering them unbootable. Meanwhile, the mules disappear with the cash long before authorities have even been notified that a heist is underway. In fact, because of the legal nature of the withdrawals, most banks are completely unaware of the attack until someone notices the spike in ATM traffic hours or days later.
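One way to catch the pattern described above before the cash is gone is to correlate limit changes with geographically dispersed withdrawals. This is an added detection sketch, not something from the original article; the event format, the two-hour window, the two-country threshold and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=2)   # assumed correlation window after a limit change
MIN_COUNTRIES = 2             # assumed threshold for "dispersed" withdrawals

# Constructed sample events (not real data): (timestamp, type, card, detail)
EVENTS = [
    ("2017-03-04T01:10", "limit_change", "card-A", "overdraft 500 -> 50000"),
    ("2017-03-04T01:25", "atm_withdrawal", "card-A", "DE"),
    ("2017-03-04T01:27", "atm_withdrawal", "card-A", "ES"),
    ("2017-03-04T01:31", "atm_withdrawal", "card-A", "RO"),
    ("2017-03-04T09:00", "atm_withdrawal", "card-B", "GB"),
    ("2017-03-04T09:40", "atm_withdrawal", "card-B", "GB"),
    ("2017-03-01T12:00", "limit_change", "card-C", "overdraft 500 -> 800"),
    ("2017-03-04T12:00", "atm_withdrawal", "card-C", "FR"),
    ("2017-03-04T12:20", "atm_withdrawal", "card-C", "BE"),
]

def suspicious_cards(events):
    """Cards whose overdraft limit changed and that were then used at ATMs in
    MIN_COUNTRIES or more countries within WINDOW of that change."""
    changed_at, countries = {}, {}
    for ts, kind, card, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "limit_change":
            changed_at[card] = when
            countries[card] = set()
        elif kind == "atm_withdrawal" and card in changed_at:
            if when - changed_at[card] <= WINDOW:
                countries[card].add(detail)  # detail is the ATM's country code
    return sorted(c for c, seen in countries.items() if len(seen) >= MIN_COUNTRIES)
```

On the sample data only card-A is flagged: card-B never had its limit changed, and card-C's withdrawals fall days outside the window.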

What does this mean for the future of banking?

Thus far, these cyber-attacks have yet to spark a serious change in banking infrastructure because they have yet to affect a rich super-power. However, Trustwave issued an Advanced Threat Report that claims these organized attacks are likely to spread globally over the next few years, increasing both the frequency and intensity of the attacks as the organizers grow in influence and power.

While banks and credit card processors can double down on internal security and in-house training, human error (in the form of falling for phishing scams) remains one of the key weaknesses that hackers exploit, and that isn’t something anyone can just eliminate. Preventing hackers from getting a toe-hold into the network is a crucial countermeasure, but that doesn’t excuse the lax security on integrated networks that should have multiple layers of authentication, or the ease with which criminals open new accounts with phony or stolen personal information.

The only other option is to limit the functionality of ATMs to the point where it is too time-consuming (and therefore costly) to engage in this kind of heist. However, this will undoubtedly irritate consumers who rarely opt to sacrifice convenience for security.