The security/cryptography industry has recently taken a battering. Hot on the heels of the KRACK WiFi network vulnerability comes an even bigger, more calamitous and more widespread hazard – the ROCA hack has exposed millions of smartcards, laptops, devices and secure systems to potential criminal activity.

Infineon Technologies AG is a multi-billion dollar, 18-year old German chipmaker that was originally part of Siemens, with 36,000 employees in 166 locations in over 25 countries. It claims to be “the leading provider of security solutions with robust, future-proof embedded security hardware”.

Infineon developed an encryption code library around 2012 that is compliant with recognized global security certification standards, yet it contains a deadly flaw. The fault means that many of the public cryptography keys it generates can be decomposed relatively easily to reveal the corresponding private key. That means that all of its keys are suspect and would not stand up in a court of law as proof that a named party digitally signed a document, or a piece of software, or government identity cards (e.g. Slovakia, Estonia). It also means that criminals could impersonate the true signatory. Hackers could inject malicious code into genuine software products and distribute them as though they were authenticated and digitally signed by the manufacturer.

Infineon did not perform adequate due diligence QA on the code library. As a result, some of its public keys, or moduli, are easily factored. At the core of many encryption system is often a very large integer that is calculated by multiplying two prime numbers together to arrive at a semiprime number. Some of Infineon’s public keys can be factored, since the component prime numbers can be reverse-engineered. Researchers can identify, or fingerprint, which public keys are vulnerable. Wikipedia defines key fingerprinting in public-key cryptography as, “a short sequence of bytes used to identify a longer public key.”

In the ROCA hack (“Return of Coppersmith’s Attack”), researchers developed a version of an existing decryption method. It leveraged the vulnerability that the modulus, or public key, can be factored to reveal the crucial primes. Factorizing the public key still requires considerable computing power and time, and the researchers used Amazon cloud compute services as a benchmark to illustrate the effort and cost. Once a public key has been fingerprinted as being potentially factorizable using this tool, a 1024-bit key would take just a few minutes to break, at a mere cost of approximately $75. A 2048-bit key would cost about $40,000 to crack, and would take a little more than two weeks. A properly-factored key would take millions of years and could not be broken in practical terms. These estimates illustrate the relative strengths and weaknesses of weak and strong keys.

How widespread is this?

There are tens of millions of these Infineon RSA keys in the field. Also, Trusted Platform Modules (TPMs) are embedded chips that are designed to safeguard hardware by integrating crypto keys, and can generate secure keys and facilitate remote login by authenticating credentials. Many Windows devices manufactured by HP, Fujitsu, and Lenovo are impacted; Google Chromebooks are similarly affected. Any devices that utilize Infineon RSA technology must be patched.

Concerns for the security industry

The organization that leads global certification of encryption methods is the National Institute of Standards and Technology (NIST) and the most important standards are FIPS 140-2 Level 2 and the Common Criteria. This is the second credibility hit to affect encryption technology since four years ago, when Taiwan’s certified digital ID secure technology was discovered to contain a flaw that could enable a hacker to adopt another user’s persona. Standards and certification will surely be reassessed and strengthened to reclaim credibility.

Is there any good news?

Yes. The vulnerability applies only to keys that were generated by the Infineon RSA encryption technology. RSA keys generated with software such as PGP, OpenSSL, and similar are not impacted. Neither are non-RSA keys, such as those using Elliptic Curve Cryptography and other technologies. In any case, only keys that were generated by a smartcard or an embedded device using the Infineon code library exhibit this flaw.

They have called it KRACK — Key Reinstallation Attack – and it uncovers a vulnerability in practically every modern WiFi network in the world. The flaw lies at the heart of the WPA2 security protocol that controls access and encrypts traffic. It can be leveraged to snoop on confidential information such as emails, credit card details, passwords and so on.

Who is impacted?

Businesses and individuals, institutions and enterprises, personal and corporate networks – every network that uses WPA2 or the older WPA1. Ciphers GCMP, AES-CCMP and WPA-TKIP. Windows, Linux, Apple, Android, Linksys, MediaTek, OpenBSD, have all been shown to be vulnerable to KRACK attacks. In fact, Android 6 users are most vulnerable

What exactly is the flaw?

When a user connects to a WiFi network, WPA2 uses what is called a 4-way handshake to validate the user’s credentials and connect authorized users to the network. Step 3 of that handshake process involves generating a unique session key. The flaw means that the key generation process can be manipulated to either use a key from a previous session or, in the case of Android 6, to use a key containing all zeros. Hence the name Key Reinstallation attack. Therefore a hacker could pose as an existing legitimate user and tap into the data going to and from that user. A hacker could also inject malware into a data stream to/from a user. A more technical low down can be found here and here.

Is there any good news?

Yes indeed. Most websites that handle confidential data, such as banks and eCommerce sites, use the HTTPS secure layer protocol to encrypt traffic. The WPA2 vulnerability cannot compromise data that is encrypted by some other method other than WPA2. This means that VPN traffic, for example, is not compromised. It is only plain old HTTP traffic that could be stolen. In any case, an attacker would have to be in close physical proximity in order to access any WiFi network, so it’s not like a vulnerability that can be leveraged from half way across the globe over the Internet.

Who is to blame and could it have been avoided?

Founded in 1999, Wi-Fi Alliance is the non-for-profit organization formed by the major players worldwide that create and deliver the Wi-Fi ecosystem, on which billions of people depend every day. It says, “Today, Wi-Fi carries more than half of the internet’s traffic in an ever-expanding variety of applications.” Its website carries the announcement of the vulnerability published October 16.
Seeing as this organization developed WPA2, then any finger pointing leads straight here, although it would be ultra-critical to lay blame with a product that has stood the test of time in the 13 years since its release in 2004. Could it have been avoided? Could Daimler have avoided the recall of over one million Mercedes Benz automobiles recently for an air bag flaw? Of course, the answer is yes, in theory, but no product can lay claim to be 100% foolproof or flawless.

What next to protect WiFi users?

The researchers quite responsibly informed the relevant bodies discreetly such that manufacturers like Microsoft had a month to develop security patches before the word got out. Users should update their devices. Microsoft users who subscribe to automatic updates will already have been upgraded. Android users should upgrade asap. However, as routers are almost always not on an automatic upgrade program, many may never receive firmware upgrades. That may not be an issue as long as clients (users) upgrade devices.

On June 27, 2017, opportunistic cybercriminals took advantage of exploits leaked by Shadow Brokers, a group that had previously released cyberweapons used by the National Security Agency. The latest exploit was a variant of Ransom: Win32/Petya that was initially seeded through the update mechanism of an accounting software program used in Ukraine. Since then, the ransomware has compromised 12,500 machines in Ukraine and spread to 64 countries across the globe. The virus exploits EternalBlue vulnerability in Microsoft Windows, encrypts data on the compromised hard drives and asks for a $300 ransom for data decryption.

A Wiper in Disguise

Experts believe the over-smart attempt to victimize unsuspecting users for financial gains has the potential to spread faster than the largest ever ransomware attack in WannaCry. In achieving this goal however, the virus is inept to the point of such uselessness that the entire ransom payment mechanism is flawed and guarantees failure to recover encrypted data despite payment.

The virus requests payment to a static Bitcoin address and a proof of payment message to the email address hosted by the company Posteo. As expected, transactions to the single hardcoded Bitcoin Address are traceable and the webmail company has already disabled the email address. Despite the large-scale impact, cybercriminals behind the attack hardly managed to receive $10,000 across 45 ransom payments.

It looks like the intent behind the attack is far more malicious and clever. Perhaps the creators never intended to decrypt the compromised data after receiving payments. While it looks like a school-boy hacker’s attempt to get rich quick, the virus has actually turned out to be something worse: a Wiper malware.

A Wiper malware is essentially a cyberweapon designed to destroy a data stored on the compromised hard disk. Whether Petya was intentionally designed as a Wiper malware is debatable, but it has certainly yielded its fair share of the fodder feeding the media frenzy toward the mysterious cybercrime actors. Previous episodes of Wiper malware had their roots entrenched in state-sponsored attacks. Notable attacks in history include the Wiper attack on Iran and Shamoon attack on Saudi Arabia, sharing its roots with the destructive Stuxnet attack.

Here’s What You Can Do About It

Petya exploits the Server Message Block (SMB) vulnerability in Microsoft Windows to spread across machines. This is the same vulnerability used to spread the WannaCry, the largest ransomware attack in history. Microsoft had already issued security patches to the address vulnerabilities, and users running updated machines remain secure from the Petya attack.

The first step to ensure protection from the Petya attack lies in running the latest stable versions of Windows OS.

Users running outdated Windows OS should meanwhile watch out for unwarranted attempts to reboot and repair system files. If that happens, you should power off your machine immediately, because it’s actually the encryption process taking place. Your files remain unencrypted until this process is completed in its entirety.

If your computer has actually been compromised, there’s no way to recover your data since the email address stated in the ransom message has been disabled. Reformat your hard drive, recover your data from the available backup and keep your software, anti-virus and OS up-to-date at all times.

The pacemaker itself is not a new piece of technology.  Interfacing it with a network – including the publicly accessible Internet – is a relatively new concept and opens the door to potentially life-threatening security vulnerabilities. Recently, the newly developed Pacemaker Ecosystem, the technology framework for connecting next-gen Pacemakers to the Internet of Things (IoT) failed its cyber security check-up.

IoT Brings Major Security Challenges

The very concept behind the Internet of Things highlights the convenience of connecting device across a public facing Internet connection. The benefits of IoT connectivity are myriad. An IoT-enabled Pacemaker allow medical professionals to remotely monitor Pacemaker users, 24/7.

Potentially, the same healthcare professionals could remotely reconfigure a Pacemaker as well. But what happens if somebody other than the authorized healthcare specialist, without the necessary knowledge and expertise to manage pacemaker gains access of the IoT healthcare device? The implications of this are terrifying.

Transparency is a Potential Security Vulnerability

The Pacemaker Ecosystem failed its cyber security test due to the potential security vulnerabilities found within the integrated set of technologies that constitute the overall platform infrastructure.

Because of the open nature of IoT security protocols, it is possible to learn very quickly how the Pacemaker Ecosystem handles security. Since the platform uses standardized cryptography methods, finding security vulnerabilities is far easier, as compared to finding them in propriety cryptography methods.

Incorporating off-the-shelf, potentially vulnerable cryptography technology into a healthcare IoT device platform is not necessarily a great idea either. Many vendors of open technologies have a less-than-stellar reputation for promptly addressing security vulnerabilities.

Robust Cryptography is Necessary for Healthcare IoT Devices

Infrastructure security loopholes aside, the Pacemaker Ecosystem has been criticised for failing to leverage adequate encryption for data security.

Whilst governments around the world are moving toward restricting the strength of consumer grade encryption in favor of national security, there can be no valid reason for vendors not apply strong encryption to data and networks involved in maintaining a patient’s cardio functionality.

However, the Pacemaker Ecosystem failed to use top grade encryption, and furthermore, can potentially leak unencrypted data due to security vulnerabilities introduced by third-party vendor technologies involved.

Multiple Points of Failure

The security testing and subsequent failure of the Pacemaker Ecosystem was dramatic due to the sheer volume of potential security vulnerabilities uncovered. Across the entire software platform, over 8,000 potential security vulnerabilities were found in standard library functions alone. It was also found that certain private patient data was being stored in an entirely unencrypted fashion.

Although the concept of IoT-enabled medical devices promises great value propositions, the road to developing secure and reliable devices is going to be a long one, with many challenges to overcome. As such, strong encryption is the least fundamental security requirement.

The biggest global ransomware cyberattack on record has impacted over 130,000 individual computers across over 100 countries in just 48 hours. That figure is an estimate as of Saturday midnight May 13, and will certainly increase over the next few days as more victims are identified.

So What Exactly Happened?

Victims see a ransom demand on their screens, stating that their data has been encrypted. The criminals demand $300 in Bitcoin to unlock the data. This price increases to $600 within a few hours if the ransom is not paid. The attacks utilize malware – a worm called Wanna Decryptor (a.k.a. WannaCry). It infects the device of a user who has been tempted to open an email attachment and thereby unknowingly installs the virus. The malware encrypts the hard drive and searches for other potential target systems on the network to spread itself. Once inside an organization, it exploits a known vulnerability in the Windows OS that pertains to document sharing with other users on a network. Defense mechanisms to protect against harmful document sharing between trusted users within a network are usually less stringent. These loopholes combined to deliver the biggest ever ransomware attack in history.

A happy accident temporarily halted the spread of the infection when a UK security analyst discovered what amounts to a ‘stop button’ or so-called kill switch.

Who has been targeted?

The malware targets Windows systems that are not up to date or older versions of Windows that Microsoft no longer supports. For example, Windows XP was released in October 2001 and withdrawn from service, officially more than 12 years later in 2014. However, some organizations chose not to purchase a newer version of Windows and saved on the licensing costs only to risk security attacks like the latest ransomware incident. Other large organizations, such as the UK’s National Health Service paid Microsoft to continue supporting XP for them. However, the UK government decided to halt that spend in 2015, leaving the health care system vulnerable to the type of attack that occurred. The organization failed to access sensitive patient data, critical planned surgeries and procedures had to be cancelled, and hospitals had to shut down some units.

In general, government, university and health care networks using outdated Windows OS versions are likely to be hardest the hit.

What options do victims have?

There are only 3 options:

• Pay the ransom
• Restore the data from a recent backup – if one exists
• Live without the data

In any event, users should work to apply the recommended security patches immediately. It is inevitable that the criminals will change their attack mechanisms and remove the temporary kill-switch capability, and then there are likely to be a number of copycat attacks using the same vulnerability in different ways.

Is the NSA at fault for this?

Not entirely. The NSA apparently did discover the vulnerability some time ago. They then weaponized it for their own use by building software code that exploited the vulnerability. The hacker group known as TheShadowBrokers made public this code amongst some of the NSA’s digital espionage toolkit as part of their exposure of NSA hacking tools. Reports indicate that the hackers behind this week’s attack simply did a copy and paste of that code into their worm. Microsoft did in fact release a security patch to fix the vulnerability in March. However, not all users were aware of the vulnerability or the patch, chose to run potentially vulnerable systems instead. The debate continues as to whether the NSA should alert software vendors regarding vulnerabilities that they uncover, rather than keeping the knowledge to themselves for surveillance purposes.

What can we do to help protect against ransomware attacks?

The least you can do is to keep your software updated, at all times. The next level of defense is the human element – Internet users should never click on email attachments unless they are absolutely certain that the files are coming from genuine, legitimate and known senders. These measures alone will suffice to curtail majority of ransomware attacks coming your way.

The WannaCry worm will potentially reappear in different guises over the coming days and weeks. The best advice is to take action now to protect your devices.

Revenge hacking encompasses the expansive set of motivations behind cybercrime. Every victimized industry has seen some form of cyber-attack backed that links back to their own hostile actions or policies toward the attackers.

Motives range from low profile disgruntled ex-employees to self-publicizing groups like Anonymous providing occasional media updates about their attacks on ISIS cybertargets. Sovereign states have long been suspected of hacking behavior and even Vladmir Putin is reported to be in on the act. Sexual revenge or jealousy was behind the infamous theft of subscriber data from the dating site Ashley Madison, specifically set up to facilitate affairs involving married individuals.

The latest set story circles around the Buzzfeed hack that surfaced in retaliation for identifying an alleged Saudi Arabian member of the OneMore hacking group.

Revenge hacking is not confined to the “outlaws”. Corporations have occasionally felt the urge to strike back at their tormentors, which is probably illegal everywhere in the world. Sometimes it’s considered as a pre-emptive strike to ward off a perceived threat. However, taking out a target server that appears to be the source of a threat could be extremely ill-advised. That server could be a component of a public utility, hospital, municipal authority or anything really. Hackers can compromise a server and use it as a proxy for launching attacks originating from half way across the globe.

No network or website can prevent hacking attempts from taking place. Even brand new simple WordPress blog sites are not immune. Automated systems are constantly probing for easily cracked access credentials. Such systems cost practically nothing to run and represent the bottom end of the attack spectrum. Strong passwords represent the simple and obvious defense, easily available through free online password generators.

At the other end of the scale are what could be considered “professional hackers” and the criminal element. Technically minded individuals with varying degrees of talent but with time on their hands occupy the middle ground. Large corporations present a happy hunting ground because the bigger the IT infrastructure, the greater the number of attack surfaces to be explored and exploited. This is the constant battleground between the security experts and technologies that form the defensive zone, and the attackers.

There is no central record for collating data on thwarted hacking attacks. That makes it impossible to measure the success levels of the security defenses. Security teams are only as good as their last failure, as in many walks of life. However, despite the high-profile names of the victims, the count of those that have not yet suffered the same fate greatly outnumbers the number of victims.

Every new technology and every new online service is highly likely to contain security vulnerabilities. The incessant drive to deliver newer functionality to outstrip the competition will constantly expose weaknesses. New functionality means new systems being exposed. The reality is that the game is loaded in favor of the hackers, who only have to breach a security system once to reach the prize and the headlines.

Corporations will continue to spend on security measures because there is no other option if they are to remain ahead of the risk of attack. Add the unpredictable nature of motivation for revenge hacking and the element of surprise is added to the mix. The only unknown is the motive for the next high profile attack.