BlackBerry Blog

This Week in Security: U2F, Unleash the KRACKen, TPM Woes

Security For The Masses

“2FA All The Things”, the resounding war cry of this generation’s InfoSec experts, has been bellowed from the tops of security towers for as long as two-factor authentication has been available for users to take advantage of. This week Google refactored and revised its security offerings for Gmail so that all users can turn on hardened security features and keep prying eyes from reading their sensitive email.

As part of Google’s Advanced Protection Program and in celebration of National Cyber Security Awareness Month, Google has opened their once closed enhanced protection offerings to the public. These new offerings help protect a user’s Gmail account by offering a three-pronged approach to countering typical account hijacking methods.

The first enhancement is stronger 2FA protection for a user’s account through support for Security Keys. These keys are physical devices, in the form of a USB key or wireless token, that hold the credentials for the Universal 2nd Factor (U2F) protocol and protect accounts against phishing and password theft. U2F keys come in a variety of flavors, such as the YubiKey Neo or the Feitian FIDO BioPass; just make sure they aren’t vulnerable to the new TPM flaw (see below for more information).
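Why a U2F key resists phishing comes down to one detail of the protocol: the token signs over a hash of the origin the browser reports, and it will only use a key handle that was created for that origin, so a credential enrolled at the real site cannot be exercised from a look-alike domain. The model below is an added illustration written for this post, not code from Google, Yubico, Feitian or the FIDO specifications; it keeps the U2F signed-data layout (application parameter, user-presence byte, 4-byte counter, challenge parameter) but substitutes HMAC-SHA256 for the token’s ECDSA P-256 signature, so the relying party stores a shared verification key where a real deployment stores a public key. The origins, key-handle derivation and challenge values are constructed for the example.

```python
"""Toy model of U2F origin binding (added example; HMAC stands in for ECDSA)."""
import hashlib
import hmac
import os
import struct


def app_param(origin: str) -> bytes:
    """U2F 'application parameter': SHA-256 of the origin / appId."""
    return hashlib.sha256(origin.encode()).digest()


class SecurityKey:
    """Minimal token: one master secret, credentials derived per origin."""

    def __init__(self):
        self._master = os.urandom(32)   # never leaves the device
        self._counter = 0               # signature counter, monotonically increasing

    def _handle_for(self, ap: bytes) -> bytes:
        # Hypothetical key-handle derivation: the handle is an HMAC over the
        # origin hash, so the token can tell which origin it was issued for.
        return hmac.new(self._master, b"handle|" + ap, hashlib.sha256).digest()

    def _signing_key_for(self, ap: bytes) -> bytes:
        return hmac.new(self._master, b"key|" + ap, hashlib.sha256).digest()

    def register(self, origin: str):
        ap = app_param(origin)
        # Real U2F returns a public key here; with the HMAC stand-in the
        # relying party receives the shared verification key instead.
        return self._handle_for(ap), self._signing_key_for(ap)

    def authenticate(self, browser_origin: str, key_handle: bytes, challenge: bytes):
        """Sign over the origin the *browser* reports, never one chosen by a remote party."""
        ap = app_param(browser_origin)
        if not hmac.compare_digest(self._handle_for(ap), key_handle):
            raise ValueError("key handle was not created for this origin")
        self._counter += 1
        signed = ap + b"\x01" + struct.pack(">I", self._counter) + hashlib.sha256(challenge).digest()
        sig = hmac.new(self._signing_key_for(ap), signed, hashlib.sha256).digest()
        return self._counter, sig


class RelyingParty:
    """The web service: knows its own origin and the enrolled verification keys."""

    def __init__(self, origin: str):
        self.origin = origin
        self.creds = {}   # key_handle -> [verify_key, last_counter]

    def enroll(self, token: SecurityKey) -> bytes:
        handle, vk = token.register(self.origin)
        self.creds[handle] = [vk, 0]
        return handle

    def verify(self, handle: bytes, challenge: bytes, counter: int, sig: bytes) -> bool:
        vk, last = self.creds[handle]
        if counter <= last:
            return False   # replayed response or cloned token
        # The RP rebuilds the signed data from ITS OWN origin, so a signature
        # produced over a phishing origin can never match.
        signed = app_param(self.origin) + b"\x01" + struct.pack(">I", counter) + hashlib.sha256(challenge).digest()
        if not hmac.compare_digest(hmac.new(vk, signed, hashlib.sha256).digest(), sig):
            return False
        self.creds[handle][1] = counter
        return True


def honest_login(rp: RelyingParty, token: SecurityKey, handle: bytes) -> bool:
    challenge = os.urandom(32)
    counter, sig = token.authenticate(rp.origin, handle, challenge)
    return rp.verify(handle, challenge, counter, sig)


def phished_login(rp: RelyingParty, token: SecurityKey, handle: bytes, phishing_origin: str) -> str:
    """A look-alike site relays the real challenge and handle; the browser still reports its own origin."""
    challenge = os.urandom(32)
    try:
        token.authenticate(phishing_origin, handle, challenge)
    except ValueError as exc:
        return f"token refused: {exc}"
    return "token signed (a conforming token never reaches this)"


if __name__ == "__main__":
    token = SecurityKey()
    rp = RelyingParty("https://accounts.example.com")   # constructed origin
    handle = rp.enroll(token)
    print("honest login ok:", honest_login(rp, token, handle))
    print(phished_login(rp, token, handle, "https://accounts-example.com"))
```

The counter check is the second property worth noting: a captured response cannot be replayed, and a cloned token eventually presents a counter lower than the one the service last saw.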

The second enhancement Google has introduced is restricting third-party applications’ access to the user’s Google data. In several compromises, users were tricked into granting malicious applications access to their Google data, such as Gmail and Google Drive. The new controls limit that access to Google’s own apps. This may be a hindrance for some users, as it blocks applications such as Apple Mail and Microsoft Outlook from accessing their Gmail account; however, Google has stated it will expand support to additional applications in the future.

The third prong of the Advanced Protection Program adds extra steps to validate users during the account lockout and recovery phase. From the description provided, it appears that Google security personnel will conduct additional review of accounts during this process. This counters the social-engineering attack in which someone impersonates the account holder in order to gain access to the account.

In the wake of many high-profile attacks and email compromises, we here at Cylance highly recommend that all users who value their security look into enrolling in these offerings from Google, and we hope to see other vendors offer users the same level of protection in the near future.

Unleash the KRACKen on the Sea of WiFi

In what could quite possibly be described as Skynet’s impending plan to take over wireless security and compromise all of our devices, researchers at KU Leuven have discovered a potentially critical flaw in the WPA2 protocol. The flaw, like all other high-profile media vulnerabilities, comes complete with the whole InfoSec celebrity package worthy of an appearance on the TV show Scorpion:

  • A catchy and ridiculous marketing name? Check: KRACK (Key Reinstallation Attack)
  • Own dedicated domain and website? Better believe it does: https://www.krackattacks.com/
  • A fly logo that could be mistaken for an Air Force tactical fighter wing emblem and would look amazing as a patch on some hipster’s bomber jacket? Yep, it has that too.
  • A sweet white paper with enough technical jargon to summon Cthulhu himself? Oh yes: https://papers.mathyvanhoef.com/ccs2017.pdf
  • Its own executive producer, theme song, and reality TV show? Probably coming this winter.

The attack targets the 4-way handshake exchanged when a device connects to a wireless access point using the common WPA2-PSK or WPA-Enterprise protocols. By interfering with this process, an attacker can man-in-the-middle (MITM) a targeted device’s wireless communication. This would allow the attacker to intercept, decrypt, hijack, and manipulate a victim’s wireless traffic without ever joining the network.
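The name says what the flaw is: a retransmitted message 3 of the handshake makes an unpatched client reinstall the key it already has, which resets the per-packet nonce, and a nonce reused under the same key is what lets encrypted traffic be recovered. The model below is an added example written for this post, not code from the KRACK paper or any Wi-Fi stack; it simulates a client’s handling of message 3 in the two variants (the vulnerable behaviour and the fix that vendors shipped, which declines to reinstall an already-installed key) and counts how many (key, nonce) pairs get reused. The PTK value, frame contents and retransmission count are constructed, and “encryption” is reduced to recording which key and nonce would protect each frame.

```python
"""Toy model of key reinstallation in the WPA2 4-way handshake (added example)."""
from collections import Counter


class Supplicant:
    """The client side of the handshake, with or without the reinstallation fix."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None          # pairwise transient key currently installed
        self.tx_nonce = 0        # per-packet nonce (packet number) under that key
        self.installed = False

    def on_msg3(self, ptk: bytes) -> str:
        """Message 3 delivers the key; the AP retransmits it whenever message 4 goes missing."""
        if self.patched and self.installed and ptk == self.ptk:
            # Fixed behaviour: acknowledge again, but keep the key and nonce state untouched.
            return "msg4 sent (key already installed, nonce kept)"
        # First install, or vulnerable behaviour on a retransmission:
        # (re)install the key and reset the nonce to zero.
        self.ptk = ptk
        self.tx_nonce = 0
        self.installed = True
        return "msg4 sent (key installed, nonce reset)"

    def send(self, payload: bytes):
        """Return the (key, nonce) pair that would protect this frame."""
        self.tx_nonce += 1
        return self.ptk, self.tx_nonce, payload


def nonce_reuse_count(patched: bool, retransmissions: int = 1, frames_per_round: int = 3) -> int:
    """Run one handshake plus retransmissions; return how many (key, nonce) pairs were reused."""
    client = Supplicant(patched)
    ptk = b"\x11" * 16                 # constructed PTK; a real one is derived from PMK and nonces
    seen = Counter()

    client.on_msg3(ptk)                # normal message 3
    for _ in range(frames_per_round):
        key, nonce, _ = client.send(b"data")
        seen[(key, nonce)] += 1

    for _ in range(retransmissions):   # message 4 lost, so the AP resends message 3
        client.on_msg3(ptk)
        for _ in range(frames_per_round):
            key, nonce, _ = client.send(b"data")
            seen[(key, nonce)] += 1

    return sum(count - 1 for count in seen.values())


if __name__ == "__main__":
    print("vulnerable client, reused nonces:", nonce_reuse_count(patched=False))
    print("patched client,    reused nonces:", nonce_reuse_count(patched=True))
```

The same check applies to the group key delivered in the group-key handshake; the detection angle for a network owner is that a client nonce (packet number) moving backwards under an unchanged key should never happen on a healthy link.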

Prior to public disclosure, Microsoft, Linux, and Cisco had rolled out patches to protect their users and devices. Apple has announced patches in iOS 11.1 and Mac OS 10.11.1 which will roll out to users in the near future. A few 3rd party vendors have also rolled out some patches and those are being tracked here.

However, the real headache is the sheer magnitude of the effort required to build and roll out firmware patches for the rest of the vulnerable devices. As security experts know, the reality of vendors rarely providing timely firmware updates, the number of end-of-life devices with no updates or support, the millions of vulnerable Internet of Things (IoT) devices, and the reliance on administrators and home users to make sure every device actually gets its update all but guarantee that this vulnerability will be around for years to come.

For now, the vulnerability details are described only in a white paper, and a public exploit is not quite ready, although, as we all know, that may change in the coming weeks. In the meantime, paranoid and security-minded individuals can take a few steps to mitigate this attack:

- Run VPN software on their devices to ensure your network traffic is encrypted prior to being exchanged wirelessly

- Ensure HTTPS is strictly enforced by installing and applying extensions like HTTPS Everywhere to protect against browser attacks

- Check and apply firmware security updates for your networked devices from your vendors

- Tech savvy users could also upgrade their wireless connections to the controversial RJFourtyFive protocol, which completely mitigates against this attack

TPM Key Woes

Apparently the second part of Skynet’s monthly plan to take out computers and render humanity powerless was revealed this week, in the form of a fundamental weakness in Trusted Platform Module (TPM) key generation.

Researchers have discovered a flaw in the generation of RSA keys on Infineon Technologies AG hardware chipsets. The flaw affects all devices, including smartcards, security tokens, and other secure hardware, that have used these chipsets since 2012. Luckily for us, the researchers behind this flaw have spared us from having to deal with two celebrity-status vulnerabilities in one month (apart from the white paper, very likely full of math that will summon Cthulhu himself, due to be released on November 2, 2017).

The attack, labeled ROCA, is very similar to the previously discovered cryptographic vulnerability FREAK, in that a flaw in the prime-generation algorithm used by the cryptographic libraries makes the keys vulnerable to mathematical attacks that allow attackers to recover RSA private keys from public keys.

Now, before you toss your computer out the window and burn your TPM devices, the attack does have some requirements that should deter most low-level attackers. Cracking a single 2,048-bit key currently takes about 51,400 vCPU days, which works out to an Amazon EC2 bill of roughly $35,000. In practice this means victims only have to worry about targeted attackers with deep pockets and nation-state actors. The researchers who discovered the flaw have explained that although the attack is practical, it takes quite a long time to carry out.

Given the time required to crack a key, the most likely real-world scenario for this attack is corporate espionage, in which an attacker steals a laptop or hard disk encrypted with a vulnerable vendor’s hardware and then uses the exploit to recover the data some number of days or years later.

With roughly 25 to 30 percent of all TPMs in use globally affected, administrators and users should check their devices with the offline or online tools to determine whether they are vulnerable to the attack. In addition, users can find out whether their S/MIME or PGP keys are at risk by sending a signed email to roca(at)keychest.net, which will run an automated analysis of the signing key.

Users who find themselves vulnerable can mitigate this attack by applying software updates from their vendors, replacing their RSA key pair using an unaffected device or the OpenSSL library, or switching to another cryptographic algorithm such as ECC.
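The offline check mentioned above works on nothing but the public modulus, which is also what makes it easy to run over a certificate store before and after replacing a key pair. Keys from the affected chips have prime factors of the form k·M + (65537^a mod M), where M is the product of the first small primes; the modulus N = p·q is therefore a power of 65537 modulo M, and N mod p_i lands in the subgroup generated by 65537 modulo every small prime p_i. An unaffected modulus fails at least one of those residue checks with overwhelming probability. The block below is an added example written for this post, a reimplementation of that published fingerprint idea and not the researchers’ own detection tool (which uses precomputed bitmask fingerprints rather than subgroups computed on the fly). The “vulnerable” modulus is constructed to have the ROCA residue structure and is not a real key; the “clean” modulus is the textbook toy 61·53.

```python
"""ROCA residue fingerprint for an RSA modulus (added example, not the original tool)."""
from functools import reduce

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
                139, 149, 151, 157, 163, 167]
M = reduce(lambda a, b: a * b, SMALL_PRIMES)   # primorial of the primes up to 167
PUBLIC_EXPONENT = 65537


def _subgroup(g: int, p: int) -> set:
    """Elements of the cyclic subgroup generated by g in the multiplicative group mod p."""
    seen, x = set(), g % p
    while x not in seen:
        seen.add(x)
        x = (x * g) % p
    return seen


# Precompute <65537> mod p for each small prime once.
SUBGROUPS = {p: _subgroup(PUBLIC_EXPONENT, p) for p in SMALL_PRIMES}


def has_roca_fingerprint(n: int) -> bool:
    """True if n mod p lies in <65537> for every small prime p (the ROCA key structure)."""
    return all(n % p in SUBGROUPS[p] for p in SMALL_PRIMES)


def has_roca_fingerprint_hex(modulus_line: str) -> bool:
    """Accept the 'Modulus=ABCD...' line printed by `openssl x509 -noout -modulus`."""
    hex_digits = modulus_line.split("=", 1)[-1].strip()
    return has_roca_fingerprint(int(hex_digits, 16))


def constructed_vulnerable_modulus() -> int:
    """A number with the ROCA residue structure, constructed for the example (not a real key)."""
    return pow(PUBLIC_EXPONENT, 123, M) + 7 * M


CLEAN_TOY_MODULUS = 61 * 53   # textbook toy RSA modulus, 3233


if __name__ == "__main__":
    print("constructed ROCA-shaped modulus flagged:", has_roca_fingerprint(constructed_vulnerable_modulus()))
    print("toy 61*53 flagged:", has_roca_fingerprint(CLEAN_TOY_MODULUS))
    print("hex input flagged:", has_roca_fingerprint_hex("Modulus=" + format(CLEAN_TOY_MODULUS, "X")))
```

A flagged modulus is a strong signal rather than proof, but the false-positive rate of the full residue test is negligible (the researchers put it on the order of 2^-154), so any key that trips it should be treated as generated by an affected chip and rotated. To feed a real certificate through the check, extract the modulus with `openssl x509 -in cert.pem -noout -modulus` and pass that line to `has_roca_fingerprint_hex`.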

The Cylance Research and Intelligence Team

About The Cylance Research and Intelligence Team

Exploring the boundaries of the information security field

The Cylance Research and Intelligence team explores the boundaries of the information security field identifying emerging threats and remaining at the forefront of attacks. With insights gained from these endeavors, Cylance stays ahead of the threats.