Comments

Sami Lehtinen May 27, 2021 7:49 AM

There are two conflicting versions of this story out. One says that the encryption keys were stolen, and the other story says that those weren’t. I was left wondering which version of the story is actually the true story, or maybe nobody actually knows even at this date?

Tatütata May 27, 2021 8:23 AM

Centralizing master keys in one facility is setting up a SPOF, Single Point of Failure.

But in fact, Leetham says, one server on RSA’s internet-connected network was linked, through a firewall that allowed no other connections, to the seed warehouse on the manufacturing side.

Nice design! Air-gapped and back-doored at the same time… SecurID is an older design based on different assumptions, but why wouldn’t the end-customers generate their seeds locally using appropriate hardware?

Calling the NSA for help in fixing your problems, even during a crisis, isn’t really reassuring for customers, especially foreign ones. After all, NSA helped themselves to a French manufacturer’s seeds for programming mobile phone SIMs…

The amusing/ironical/shocking bit in this story is that it happened to a company that files patents with titles such as “Storing digital secrets in a vault” (US7739733, filed 2005) or “System and method for detecting fraudulent transactions” (WO2007044763, filed 2005).

The SecurID rolling codes fobs are somewhat goofy, I was never issued one myself, but saw others use them. I wondered about clock drift and battery replacement, but my urge to investigate deeply hasn’t been quite strong enough.

In Europe, German banks initially relied on a sheet of paper with 100 random 6-digit codes for security (“TAN-Verfahren”). When completing a transaction, the web site would ask you for a given code. Initially these were exhausted sequentially beginning with 1, but circa 2008 they realized that this wasn’t secure, as sophisticated phishing suites with screen-grabbers and key-loggers, or fake banking sites, would trick users into entering extraneous codes, which would then be used by crooks to siphon their accounts. Challenges were then picked at random within the 100 group. When a sheet was exhausted, a new one could be obtained through the post.

This still wasn’t secure enough, and the EU forced banks to improve in the last few years.

The current system used by my own bank is a small device (~4cm x 6cm x 8mm) with a camera and a display that you point at a color dot pattern shown on your computer monitor. The dots can be saturated R, G, B, or white, so overall there would be roughly 1000 bits of info in a typical 25×25 square grid. The pattern contains not only the challenge, but also a description of the proposed transaction, which you can verify on the device’s display. You type back a 7-digit response, and that’s it. The device is quite fast, it takes about seconds to power-up (you could warm it up as you log into the banking app/site), and 1 second to point the camera, grab the challenge, and complete a transaction.

Devices are shipped blank, but are activated with a special printed pattern which you must keep secure.

Already in the 1990s, challenge-response calculators (a small keyboard and a LCD 7 segment display) were provided by some banks in the Netherlands. The challenge and response had either 6 or 7 digits, I’m not sure anymore.

Using smart phones for 2FA makes me cringe.

Clive Robinson May 27, 2021 10:03 AM

@ Tatütata,

The current system used by my own bank is a small device (~4cm x 6cm x 8mm) with a camera and a display that you point at a color dot pattern shown on your computer monitor. The dots can be saturated R, G, B, or white, so overall there would be roughly around 1000 bits of info in a typical 25×25 square grid.

It’s not secure, it breaks the cardinal rule of,

The transaction must go through the user.

It’s the same reason Secure Messaging Apps are not secure as it allows the communications channel to “reach around” the “security end point”…

One of the designers of the first system was at the UK Cambridge Computer labs and put an article up on it quite some time ago on the “lightbluetouchpaper.org” blog. I pointed out over a lengthy discussion that it was easily subject to “covert channels” and just one of the ways I would do it.

Whilst I’m not yet aware of anyone doing it, a supply chain attack on the device would be the starting point. Such attacks have already happened on supermarket (UK Sainsbury’s) ePOS devices and on those “pay at the table” systems used in restaurants.

As these “banking devices” are effectively “sold by the pallet” at the lowest possible price the banks can force them down to, it’s doubtful that “security” of the supply chain even figures in the unit pricing. The best you could hope for realistically is a “tamper evident seal” on the device and maybe one on the individual shipping carton which would be trivial to bypass.

So an attack on them will almost certainly happen at some point the only question is “when”.

Leonardo Herrera May 27, 2021 10:05 AM

Tatütata, why do you think the last device you mention is more secure than a simple key fob?

wiredog May 27, 2021 10:14 AM

Tatütata
We use the RSA thingy here at work. They deal with the battery issue by having an expiration date on the back of the fob which is before the expected time the battery would die.

Once a year or so I’ve had to call helldesk to get my fob resynchronized, so clock drift happens.

Clive Robinson May 27, 2021 10:19 AM

@ Tatütata,

Forgot to mention, your bit calculation for “RGBW” gives “2 bits per dot”.

Secondly,

Using smart phones for 2FA makes me cringe.

Every one has “their crosses to bear”; using a mobile phone as a “reliable” side channel is one of mine…

SMS is a secondary service thus there was originally no promise of reliable delivery just “maybe” not “best effort”. I worked out a way to reduce the issue to be acceptable back in the 1990’s and I pushed the idea of “mobile phone” use to replace TANs-n-Tokens as people who have mobile phones tend to “keep them handy”.

Smart phones were not yet a thing back in the 1990’s, and mobile phone service providers had way better security back then as illicit long distance phone calls using “cloned phones” and the like was really hurting their business model back then.

So whilst I have some excuse, I’m still the person who started it becoming “the one true way”… Thus you can imagine how big my cringes are just seeing people still doing it…

Winter May 27, 2021 10:26 AM

@Clive
“It’s not secure, it breaks the cardinal rule of,
The transaction must go through the user.”

I have used such a device. It simply produces a number after you enter a PIN. You have to fill in the number with the transaction.

You probably are right that this is not secure, but the banks do not care. There simply are too few cases of successful abuse. The banks only care about the net costs. If the costs of abuse are smaller than the cost of an upgrade, they would be foolish to do the upgrade.

And, honestly, I have yet to hear of a case where the security was broken outside of someone taking the specific appliance and entering the correct pin.

Clive Robinson May 27, 2021 10:42 AM

@ Winter,

honestly, I have yet to hear of a case

As I’ve said neither have I YET.

But all the pieces to do it are well established attacks already, so there is absolutely no “technical” reason why it could not have been done, a decade or more ago.

Especially as the cost of the devices is as both of us note “about as low as it can go”. So security is not going to feature very highly in any part of the production and delivery chains.

Hence as far as I am concerned it’s a question not of “if” but of “WHEN“.

Fazal Majid May 27, 2021 11:04 AM

Authenticators that are not integrated with the browser as done by WebAuthn/FIDO2/U2F do not authenticate the website and are thus vulnerable to phishing or similar realtime man-in-the-middle attacks.

Sadly very few sites support U2F today. Only Google, Twitter, GitHub and Gandi in my own experience.

Obi May 27, 2021 11:35 AM

Authenticators that are not integrated with the browser as done by WebAuthn/FIDO2/U2F do not authenticate the website and are thus vulnerable to phishing or similar realtime man-in-the-middle attacks.

Not per se.

Implementation example:
– User requests A currency to be transferred from account B to C
– Website encapsulates that transaction in some compressed format
– Website signs this with public key (used only for this purpose)
– Website presents this to the user in some QR-code or dot-weirdness form
– User’s token scans it and displays it
– User enters PIN or whatever on the token
– Token generates signature (after verifying the bank signed the request)
– User enters signature in website
– Website verifies the signature matches

IMHO this would stop most attacks that I’ve heard of.

echo May 27, 2021 12:45 PM

@Clive

So whilst I have some excuse, I’m still the person who started it becoming “the one true way”… Thus you can imagine how big my cringes are just seeing people still doing it…

You too? I’ve left my fingerprints on a few things. Less now as things have changed and I’ve been nudged from the front row to the backseat to the lobby although face down on the pavement may be closer still. Those fingerprints have left traces in the media or were reasons behind why a story here or there was in the media.

Politicians and staffers don’t have my skills so some things were fumbled at the time. One of these caused some embarrassment for a very “senior” politician at the time but I understand from what little leaks out has now become integrated with standard practice. At the time they were getting a significant number of stories onto the media agenda. After my input ceased this dropped off. This leads me to one “good idea” I had at the time. I daren’t say what it is but it’s an item or issue which does become a media topic now and again and I fear may have been responsible for a shift in political strategy in some quarters which led to the current state of where we are today. I say may. It’s not that I said anything new but I feel that some people can take things as permission and it gains new legs.

I’ll just say some people who crave power at any cost don’t get a joke or care about nuance and philosophical underpinnings and “good enough” can come back to bite you.

What does this have to do with telecoms networks and a “good enough” sub-component? These systems can be used as a model for organisations.

Yesterday I spent a little time explaining to the lawyer how people relied on a solid pillar of authority and how this could be unpacked and how there was a legal and scientific basis for this as well as issue of perception and developing narratives and changing the political tilt. The pillar of authority can be unfolded like a concertina revealing lots of different layers and timelines and otherwise hidden communications channels and nodes of power and points of exploit. If the lawyer didn’t get anything else I got the feeling they sensed I was on to something and suddenly that pillar of power didn’t look like the solid fortress it was thought to be. They are a capable lawyer but I was slightly surprised a lawyer of their capability hadn’t noticed this. I suppose it’s easy to do as, perhaps, an engineer or software developer may be lulled into a sense of complacency about a pillar of power, or fortress, or framework.

With regard the Chinese attack on RSA: “Be like water”.

Sancho_P May 27, 2021 1:10 PM

@Clive Robinson, re
“The transaction must go through the user.”

I think it does (I use an older but similar device):
To start the device I have to insert my bank’s debit/credit (chip) card and to enter the pin code (*). The card has to remain present during transaction.
Then the device reads a flickering code from the transaction form of the PC screen,
“The pattern contains not only the challenge, but also a description of the proposed transaction, which you can verify on the device’s display.” (@Tatütata)
You must confirm the details of the transaction (amount and destination) by pressing “OK” on the device.
Now the device calculates and displays a (hardly readable) 7-digit code which must be typed into the transaction screen by PC keyboard.

I think that’s a lot of user action + “chip card present and authenticated” to be inconvenient, so it might be secure even to a simple supply chain attack?

(*) The only problem I have here is the 4 digit pin code which is only secure when the device can render the card invalid in case of 3 bad authentication attempts –
But unlike an ATM it can’t (or at least it doesn’t).

SpaceLifeForm May 27, 2021 1:28 PM

@ Tatütata

Devices are shipped blank, but are activated with a special printed pattern which you must keep secure.

This is the ‘same paradigm, same problem’ as the RSA SecurID.

There is an outside party that has the secret.

A better approach would be that the end user generates their own PrivateKey/PublicKey pair. The user securely saves on paper their PrivateKey and then they enroll their PublicKey at the bank. From a KYC perspective, make the user customer show up at bank with identification and HSM, and prove a challenge on site as part of the enrollment process.

The bank now has ID-PublicKey relationship.

The bank does not have any PrivateKey.

The bank can not be hacked to have any PrivateKey be exfiltrated.
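To make the enrolment model SpaceLifeForm describes concrete, here is an added example written for this page; it is not code from the thread, from RSA or from any bank. The customer generates an Ed25519 key pair, the bank stores only the public key after an in-branch proof of possession, and a login is answered by signing a fresh bank-issued challenge. Customer names, the purpose-tagged message format and the absence of any transport are assumptions for the demonstration. The scenario shows the honest login succeeding, a replayed signature failing, and an attacker who has dumped the bank’s records and holds a key of their own failing, which is the property claimed above: there is no private key at the bank to exfiltrate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Customer generated the key pair themselves; the private half never leaves them.
type Customer struct {
	ID   string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewCustomer(id string) *Customer {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Customer{ID: id, priv: priv, Pub: pub}
}

// Sign is what the customer's token does with whatever the bank presents to it.
func (c *Customer) Sign(msg []byte) []byte { return ed25519.Sign(c.priv, msg) }

// Bank stores one public key per customer and the challenge currently outstanding.
type Bank struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

func NewBank() *Bank {
	return &Bank{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
}

// freshMessage tags a random nonce with its purpose and the customer ID, so a
// signature made for one purpose or customer cannot be reused for another.
func freshMessage(purpose, id string) []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand does not fail on a healthy system
	return append([]byte(purpose+":"+id+":"), nonce...)
}

// Enroll is the in-branch step: identity has been checked out of band, and the
// customer proves possession of the private key on the spot before the public
// key is stored. prove stands in for their token signing.
func (b *Bank) Enroll(id string, pub ed25519.PublicKey, prove func([]byte) []byte) error {
	msg := freshMessage("enroll", id)
	if !ed25519.Verify(pub, msg, prove(msg)) {
		return errors.New("enrollment: proof of possession failed")
	}
	b.enrolled[id] = pub
	return nil
}

// Challenge issues a fresh login challenge (a real bank would also rate-limit).
func (b *Bank) Challenge(id string) []byte {
	b.pending[id] = freshMessage("login", id)
	return b.pending[id]
}

// Verify checks the signature over the outstanding challenge and consumes it, so
// the same signature cannot be replayed against a later login.
func (b *Bank) Verify(id string, sig []byte) bool {
	pub, ok := b.enrolled[id]
	ch, okc := b.pending[id]
	delete(b.pending, id)
	return ok && okc && ed25519.Verify(pub, ch, sig)
}

// RunScenario enrolls one customer and reports whether an honest login, a replay
// of that login's signature, and a login by someone holding the bank's database
// (public keys only) plus a key of their own each succeeded.
func RunScenario() (honest, replay, breach bool, err error) {
	bank := NewBank()
	alice := NewCustomer("alice")
	if err = bank.Enroll(alice.ID, alice.Pub, alice.Sign); err != nil {
		return
	}

	sig := alice.Sign(bank.Challenge(alice.ID))
	honest = bank.Verify(alice.ID, sig)

	bank.Challenge(alice.ID) // a new login, but the old signature is presented again
	replay = bank.Verify(alice.ID, sig)

	// Breach: mallory has the bank's records (alice.Pub) and a key of her own.
	mallory := NewCustomer("mallory")
	breach = bank.Verify(alice.ID, mallory.Sign(bank.Challenge(alice.ID)))
	return
}

func main() {
	fmt.Println(RunScenario())
}
```

Running it prints `true false false <nil>`. A real deployment would add an expiry on outstanding challenges, rate limiting, and a revoke-and-re-enrol path for when the paper backup is lost; the point here is only what the bank’s database does and does not contain.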

SpaceLifeForm May 27, 2021 2:59 PM

@ Moderator, -, Clive, Lurker, Anders, ALL

In the interest of messing with the troll-tool (that I expected to not disappear in spite of the faux apology), any chance you have some magic software that will automatically throw comments posted from GMT+3 until GMT+11 into moderation?

That would be CDT 02:00 thru 10:00 currently as CDT is on Daylight Saving Time, where the server lives.

Based on plenty of historical evidence, that is when they show up.

Should not interfere with any intel collection. The traffic analysis will still be functional.

Yes, I know that is the window some of us may be here, but I think we can work-around that for a while.

Also, how about a link at top that goes to just after last comment? That would make it easier to scroll backwards vs having to scroll forward thru thousands of ‘ones’.

Clive Robinson May 27, 2021 3:01 PM

@ Sancho_P,

Then the device reads a flickering code from the transaction form of the PC screen,

So, PC to device.

Not PC to user to device.

So it’s excluded the user, thus any number of covert channels could be in effect and the user would not know.

So “rule broken”.

echo May 27, 2021 3:49 PM

@SpaceLifeForm

ROTFLMAO

Very, very few lawyers get the tech, and you would be broke explaining the issues due to billable hours.

Hopefully, it was Pro Bono.

I’m not discussing anything which gives clues about the case or the particular lawyer I was discussing things with.

The point really was at a system theory level different equivalent systems and different points of view can have a high degree of similarities and overlap and how the different starting points can bring different skills and insights to the table. I know things and have methods and approaches most lawyers don’t because they are lawyers. The reverse is also true.

In some ways I am less constrained and more used to joining the dots between apparently unrelated points which may usually be overlooked to uncover hidden data or lies concealed behind a nod along truth. (This bit they got when I explained formal analysis of the broader pool of historical data and context can reveal a lack of integrity to a statement and betray a lie.) I didn’t discuss technology or any technology. I kept it at the generic discussion level with quick and dirty concepts and comparisons.

https://www.theguardian.com/world/2021/may/27/how-kate-bingham-got-caught-in-the-crossfire-according-to-cummings

A venture capitalist, Bingham was appointed the unpaid chair of the UK’s vaccine taskforce in May last year and has been credited with leading a team that allowed the country to forge ahead with its vaccine programme.

But Cummings’ testimony described a toxic backstabbing environment in Whitehall, and how there were negative briefings against people such as Bingham from within the government.

Though the prime minister had asked Bingham to lead the taskforce, MPs heard the briefings against her were said to be coming from within No 10.

While appearing to go off on a wild tangent I have been collecting examples of bad behaviour behind the scenes of the mask of boring authority the state sector holds up which have been leaking out. I’ll leave it to someone else to describe this as a network with nodes of power and backchannels and corrupted data and so forth. While not the best example it goes to show how a system on paper, CV polishing jobtitles who like to peddle pedestrian front ends, and informal, off-the-record individual psychology and social networks are worth examining as it can help unpack policy positions or a particular organisational arrangement which itself can reveal more and more information and bring into question the public fortress on display. A nice shiny case can contain all manner of bodge jobs and kludges each with their own history and reason for existing and suddenly that nice shiny case doesn’t look so appealing.

And there you find the shiny little nugget of truth, like the stolen RSA keys hidden within an apparently impregnable fortress. Well, that’s the plan. Most of everything about the case are known knowns. There are no mega surprises to anyone familiar with anything but it might be enough.

@Clive

As I’ve said neither have I YET.

But all the pieces to do it are well established attacks already, so there is absolutly no “technical” reason why it could not have been done, a decade or more ago.

Especially as the cost of the devices is as both of us note “about as low as it can go”. So security is not going to feature very highly in any part of the production and delivery chains.

Hence as far as I am concerned it’s a question not of “if” but of “WHEN“.

I’ve said for some years if I can think of something someone will do it or sometimes more alarmingly have already done it. Some may recall this thought crossed the mind of a senior American military officer when discovering issues with the Minuteman launch system and the fact the Russians may have known about this and tampered with the cables. They may not and it may have come as much a surprise to the Russians as the Americans but the question did raise a sweat as you can imagine.

I have no idea if my case will be progressed with this lawyer but I’ve planted a few ideas in their head. As for whether they bear fruit or not with my case or years down the line I have no idea. They are not as bloodthirsty as me but a crack in the dam or a minor graze drawing blood can be the beginning of the inevitable.

The freeing and unfreeing of water over years can crack the strongest rock. A house built on sand falls. When the fire is lit the rice is already cooked. Me? I just want to retire from it all and buy a dog.

lurker May 27, 2021 4:17 PM

@SpaceLifeForm: A better approach would be that the end user generates their own PrivateKey/PublicKey pair.

That’s what they do for PGP, and look how successful and widespread PGP is …

lurker May 27, 2021 4:28 PM

@ Clive [from 10 years ago]

Why on earth considering the security implications of unauthorized access to this database is it doing connected to an external network either directly or indirectly.

There must be an awful lot of surviving subjects of P.T.Barnum’s apocryphal jibe about the intelligence of the public. A large hospital here cannot continue oncological radiotherapy because the computer controlling the machine is offline, with everything else, following a ransomware attack.

SpaceLifeForm May 27, 2021 5:26 PM

@ lurker

That’s what they do for PGP, and look how successful and widespread PGP is

Security is Hard. PITA.

Users want Fast, Cheap, Secure model. Pick one. FAIL.

Compare to Fast, Cheap, Good model. Pick two.

(the latter is what good devs will throw back at their incompetent management)

echo May 27, 2021 5:38 PM

@SpaceLifeForm

Be careful.

I have high level of confidence that I may have ID-ed you.

Seriously. I do not make stuff up.

I was not and am not trolling you.

That said, I may know your handle on another site.

I’m not going to reveal in any manner because I want to protect your privacy.

But, be careful.

Always possible. I have an internet footprint bigger than Bigfoot. Seriously, I am all over the place. I think I know what may have clued you in but I’ll just mention the lawyer is aware of a range of issues and if it is what I think it is it’s also a potential item of the case for reasons I won’t disclose, obviously, and not necessarily for the reasons you may suspect. I wish I could say more but that would disclose case details and strategies and possibly reveal the lawyers identity. Um, well. On to the weather, hey?

ADFGVX May 27, 2021 9:34 PM

@ lurker • May 27, 2021 4:17 PM

@SpaceLifeForm: A better approach would be that the end user generates their own PrivateKey/PublicKey pair.

That’s what they do for PGP, and look how successful and widespread PGP is …

  1. They aren’t respecting our privacy or longevity when they call us “end users.”
  2. There’s a little bit too much of an online “locksmiths shop” in town where the PGP // GnuPG encryption standards are “groomed” or “curried” a bit too much if you will for lawful police access and legalistic “verification” of signatures with or without any true end-to-end “encryption” which tends to be highly discouraged by such authorities as NSA, U.S. Marshals Service, Europol, Interpol, German Bundesnachrichtendienst, etc., etc.

Clive Robinson May 28, 2021 12:16 AM

@ lurker,

That’s what they do for PGP, and look how successful and widespread PGP is

PGP has serious usability issues, to the point you almost have to read the source code to know how to use it…

So bad in fact that people have written copiously about its UI failings. Perhaps the most famous are,

1) Why Johnny Can’t Encrypt[1].
2) Why Johnny Still Can’t Encrypt[2].
3) Why Johnny Still Still Can’t Encrypt[3].

Across more than a decade and a half, the first of which appeared in 1999. Which have in their turn spawned other papers in similar domains,such as Matt Blaze’s

4) Why (special agent) Johnny (still) Can’t Encrypt[4].

From a decade ago.

As Matt Blaze ‘summed up’

“When Whitten and Tygar published their classic paper “Why Johnny Can’t Encrypt” at Usenix Security ’99, they showed how an apparently “secure” crypto mechanism — the PGP email encryption system — can be effectively neutralized by an opaque, overly technical user interface. Almost everything they observed about PGP more than a decade ago applies to P25 radios today.”

What Matt had noticed as others before him had and yet more still do, is that PGP and nearly all secure email systems are in practice “One Way Cryptography”.

That is they are for “Off Line Operating” in effect as others have put it “Fire and Forget” systems that do not have the two party or more importantly “end to end” negotiation[5].

Such Off-Line systems are at best very poorly considered by the Crypto community.

Which is odd when you consider that it is only since the 1980’s that “On-Line” working became possible thus enabling bi-directional negotiation protocols for Communications Security. Especially as CommSec had worked fine in Off-Line mode for several millennia before that…

It’s this “Off Line” or “One Way” operating that is the root cause of the overly complex UI, not just in PGP, but in most Secure Email systems of the time and still is today. In an effort to “try to cover all bases” or “all use cases” the complexity quickly became immense and beyond most people’s (including developers’) comprehension.

The immensity of the problem was so great, that ultimately the almost impossible to comprehend complexity of the UI was not just discouraging ordinary users but actively repulsing them and even “techno geeks”…

The result as we have seen with the “supposedly” Secure Messaging Apps, is users just want to ignore security, and are quite happy to have several entirely incompatible systems on their mobile devices.

It was the UI that “Killed the Crypto Star” not the asymmetric crypto.

[1] https://people.eecs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/USENIX.pdf

[2] https://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf

[3] https://arxiv.org/pdf/1510.08555

[4] https://www.mattblaze.org/blog/p25/

[5] Crypto use like much else to do with Communications Security has a very real “Caught between the Devil and the Deep Blue Sea” aspect to it. The issue is “auto-negotiation”, something that is a very real requirement these days, so that different systems and even different revisions of the same systems can gain a “working compatibility”. So that different users or computers can do what they were designed to do with data. So that it can be,

1, Stored.
2, Communicated.
3, Processed.

Securely amongst a group of people for collaborative reasons.

The problem is “auto-negotiation” is one of those very bad “Make it So” paradigms we can thank Science Fiction script writers for. In short it is a “hand waving exercise” designed to trivialize complexity by assuming “users do not need to know the way it works”. Thus its primary design goals are,

1, Obtain compatibility.
2, Work in the background.
3, Not inform Users of selections.
4, Not alarm users.

The problem is it is a “down grade” system that is “hidden from sight”. Which is just what an attacker most wants from an attack vector.

So as an attacker you perform a “Man in The Middle”(MITM) attack, and force both parties down to the weakest common protocols they have. Thus making an attack effort or resource requirement minimal.

Off-Line systems, obviously can not auto-negotiate, thus the user “picks what is most likely to work” which in practice is again another,”Down Grade” process.

The result in both On-Line and Off-Line systems is, more often than not “poor security” and even “no security”…

So far researchers have avoided this rather important issue, and I can see them continuing to do so for the foreseeable future. Why? It’s based on the “Can’t fix stupid” principle. That is anyone who thinks on it will realise that whilst it is on the face of it a “technical issue” the practical reality is it’s a classic “free market” problem which without “regulation” always becomes a “race to the bottom”… Further that Governments will not pass legislation, make regulation, or allow standards to be made, that will stop what they consider their “eminent domain” right to spy on anyone they so choose at any time or place. We know this because they have already passed legislation like RIPA and IPA in the UK and similar in many Western Nations. MITM Attacks to “down grade” security are the nearest thing to a “Backdoor in Security” that exist. It is after all why the NSA,

1, Fritzed the AES contest.
2, Strong armed Standards bodies.
3, Bribed Security Vendors (RSA).

And probably worse to get “side channels” that leak KeyMat in On-Line systems using AES, and backdoored random number generators to leak KeyMat in both On-Line and Off-Line systems.
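An added example, not from the comment above or from any real protocol implementation, of the negotiation downgrade described in footnote [5] and of the transcript check that defeats it. Assumptions: a made-up suite list, a MITM that strips everything but the weakest suite from the client’s offer, and a session key that both endpoints hold but the attacker does not, which stands in for an authenticated key exchange run after the suite is chosen. Without the check the server picks the export suite and nobody notices; with it the two sides’ views of the offer disagree and the handshake aborts.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// ClientOffer lists the suites the client supports, strongest first. Names are illustrative.
var ClientOffer = []string{"aes256-gcm", "aes128-gcm", "export-rc4-40"}

// serverPrefs is the server's own order; it picks the first entry the client offered.
var serverPrefs = []string{"aes256-gcm", "aes128-gcm", "export-rc4-40"}

func choose(offer []string) (string, error) {
	for _, s := range serverPrefs {
		for _, o := range offer {
			if s == o {
				return s, nil
			}
		}
	}
	return "", errors.New("no common suite")
}

// StripStrong is the active attacker: it forwards the client's offer with every
// suite but the weakest removed. Neither side sees anything malformed.
func StripStrong(offer []string) []string { return offer[len(offer)-1:] }

// transcriptTag authenticates one side's view of the negotiation under a key the
// attacker does not hold. Assumption: the key comes from an authenticated key
// exchange run after the suite is chosen, as with the Finished messages in TLS.
func transcriptTag(key []byte, offer []string, chosen string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(strings.Join(offer, ",") + "\x00" + chosen))
	return m.Sum(nil)
}

// Handshake runs the negotiation through mitm (nil for none). With bind=false the
// server's choice is accepted as is; with bind=true both sides compare a tag over
// what they each saw and abort on mismatch.
func Handshake(key []byte, mitm func([]string) []string, bind bool) (string, error) {
	seen := ClientOffer
	if mitm != nil {
		seen = mitm(ClientOffer)
	}
	chosen, err := choose(seen)
	if err != nil {
		return "", err
	}
	if bind {
		clientView := transcriptTag(key, ClientOffer, chosen) // what the client sent
		serverView := transcriptTag(key, seen, chosen)        // what the server received
		if !hmac.Equal(clientView, serverView) {
			return "", errors.New("transcript mismatch: downgrade detected")
		}
	}
	return chosen, nil
}

func main() {
	key := []byte("session key the attacker does not hold") // constructed for the demo
	cases := []struct {
		name string
		mitm func([]string) []string
		bind bool
	}{
		{"no attacker", nil, false},
		{"attacker, no transcript binding", StripStrong, false},
		{"attacker, transcript binding", StripStrong, true},
	}
	for _, c := range cases {
		suite, err := Handshake(key, c.mitm, c.bind)
		fmt.Printf("%-34s suite=%q err=%v\n", c.name, suite, err)
	}
}
```

The check only holds while the key really is secret from the attacker. The 2015 Logjam attack on TLS showed the limit: the MITM rewrote the ClientHello down to an export Diffie-Hellman suite, then broke the 512-bit group fast enough to forge the Finished messages too. So weak suites must not be offered at all; detecting the downgrade after the fact is not enough.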

Winter May 28, 2021 1:28 AM

@SLF ao
“any chance you have some magic software that will automatically throw comments posted from GMT+3 until GMT+11 into moderation?”

Would probably help, but only against this one troll.

I saw yesterday that the Troll-tool spent hours making comments. I think at least 2 hours posting every few minutes, if not more, and doing so over a period of 8 hours. This must have cost it at least half a day of intermittent activity.

However, looking at the posts, it must have taken the Moderator maybe 15 minutes to kill them all.

And looking at the troll comments, I saw only little “payload”, stuff that actually would matter in some weird sense. Most of the time it was simply space filling nonsense aimed at making the comment section unreadable. But that was all done at a time when there is little or no posting anyway (mainly me).

All in all, I do not see much ROI for the troll. But as someone already noticed here, narcissists are aggressive and spiteful. I assume @- is right, that the Troll-tool has little useful activities outside wasting time on blogs it does not understand.

Narcissism and aggression:
ht tps://www.salon.com/2021/05/27/narcissism-and-aggression-go-hand-in-hand-study-says/
ht tps://www.dailymail.co.uk/sciencetech/article-9617125/Narcissists-likely-aggressive-violent.html
(URLs fractured for your protection)

SpaceLifeForm May 28, 2021 1:51 AM

@ ADFGVX, lurker, Clive

Regarding PrivateKey/PublicKey keypairs. I’m not talking RSA. RSA is dead.

Move to curve. Those that fail to do so may end up in the dust.

There is a lot of InternetOfShit^Wstuff out there that will have to be replaced.

(yes, that is a real twitter account. And, no, my shoes do not have working BlueTooth)

Clive Robinson May 28, 2021 5:51 AM

@ SpaceLifeForm,

Move to curve. Those that fail to do so may end up in the dust.

It’s why I said “asymmetric crypto”.

Because even those bouncing back and forth on a curve are going to find the ‘new methods’ will have caught up with them. And whilst they will get away with things by adding length every year or so, to increase a potential attackers resource usage that quickly becomes unproductive…

For example, people are talking about RSA key lengths of 8,000-16,000 bits or 1000-2000 bytes. That’s a half to a full page of text (2chars/byte, 80chars/line and 50lines = 2000bytes). When an email’s contents might not be even 250chars…

As I’ve mentioned before, crypto algorithms appear to have a relatively short shelf life of about ‘a quarter of a century’ to be on the safe side, stretching out to maybe a third of a century.

Thus most hashes, asymmetric and symmetric algorithms in main stream usage should be considered due to be “End of Life’d”(EOL’d) by now.

As I’ve mentioned before, there are utility meters, implanted medical electronics and industrial control systems that are expected to have a half century “in service” life. So realistically any “Secure Device” will need to update its crypto algorithms at least once in its Expected Service Life.

Oh and it should be abundantly clear to everyone by now, that any device with any kind of connectivity including “just a local serial test port” should be a fully Secure Device these days…

Which is why a while before the NIST Secure Hash Three competition, I started saying that NIST should stop the Crypto Algorithm Competitions and concentrate on coming up with a standard for an expandable framework into which updated or new crypto algorithms and the usage modes they use could be “dropped in” and that it be mandated that all “devices” need to use it to get approvals for use.

But hey, by the time they wake up to the need for it, it will already be a slaughter ground of broken systems based on devices that can not be remotely updated, or manually replaced due to difficulty/cost.

Let’s put it this way, the way the medical insurance industry is going around a quarter of the people reading this blog will get “implanted medical electronics” put in them. Whilst they generally don’t “crack your chest” these days, you still do not want to be going into hospital for an operation as it’s a significant health risk (1:1000). Especially because some joker has worked out how to turn that “bluetooth beaconing” system put in mobile phones for COVID tracing, into a way to fritz the values in your pace maker into a “Be-Bop Box” making your heart breakdance in your chest…

As they once said in the 6 Million Dollar Man intro “We have the technology”… So you know that some prat is eventually going to do it for a laugh / religious belief / Secret Government Orders / legislation etc for not paying a fine or some such.

Sancho_P May 28, 2021 4:46 PM

@Clive Robinson re “rule broken”

Yep, we don’t know what the PC talks to the device …
However, to exploit that particular “weakness” one has to hack both, the banking SW and the device FW:

The device has to know what intended transfer data to display (so I’d confirm the transaction), plus the diversion data, but compute only the diversion data code (that I’d enter into the PC banking form).
The PC banking form initially would have to accept my requested transfer but internally ask the banking server for both, the requested and diversion details, send both to the device, and finally send only the diverted transaction including the generated diversion code.
… Um, it’s possible.

OK, user reading the encrypted data of the intended transfer from PC screen and manually typing it into the device would stop even this double hack.
Thanks for making me think!

Clive Robinson May 28, 2021 7:43 PM

@ Sancho_P,

Um, it’s possible.

Yes, and the individual parts have all been done, so we know they can be done.

The only thing we don’t know yet is if somebody has done it…

Banks use such devices with “whales”[1] and “corporates” as well as Jo Average and her personal bank/cheque account.

So arguably there is an incentive to do it. Nobody thought you could steal a Billion Dollars via what is “wire fraud” yet it’s been argued that North Korea very nearly did one weekend[2] back in Feb 2016.

It’s the problem with “one size fits all” solutions, which SWIFT effectively is.

The banks actually do not care as others have noted for years, they have “externalised the risk” and done so “at the lowest possible cost”.

The hard part about such potential vulnerabilities is being able to spot them, before others take advantage of them, and the majority are left standing there in effect thinking it was “done like magic”.

In part this is because “Security is hard” because often “you can not see the vulnerabilities”, you have to actively “think hinky” as our host has pointed out occasionally.

But when it comes to “Standards” and “Protocols” these are not just hard but very hard quite often. Years ago on this blog I noted that if I were the NSA I would attack,

1, Standards.
2, Protocols.
3, Implementations.

Based on then quite sketchy evidence of their past behaviours[3] and having come up against “finessing” in a telecommunications “Standards Process” where they played the “Health and Safety” card to put a major security hole into the mobile phone specifications. It set me to thinking “how would I…”. I then realised they had attacked the NIST AES competition by Duping NIST and got away with it. So I just kept digging, and found that the ideas I was having for attacking Crypto Systems in fundamental ways “showed tell tales” that someone had “been there before me”.

So I realised if there was even one tiny chink in a system where they could “slide something by” then they would work out how to do so. Back then whilst “information had value” it mostly did not have value your typical criminal would be interested in.

That is no longer so, and OK whoever tried to steal the Bangladeshi Money did not get the Billion, due to a tiny slip up. But they did get nearly 100 million, I’m sure that whatever resources the attackers used, it cost them a lot lot less than that, so they would have made a profit, thus the ROI was very much in their favour…

I guess that’s the point at the end of the day, the falling price of technology means it becomes ubiquitous thus worth putting a little “Investment” in early on. At some point somebody will use the technology in the wrong way and high value will become available via any flaws your early “Investment” highlighted. That’s when a massive “Return” can be made if you are prepared.

The thing is with Cyber-Crime up until recently the “Crackers / Hackers” were not prepared. That is they could like traditional ambitious crooks “do the crime” but they had not put in place all the other “down stream” parts by which you “profit” from the crime, and because of that they get caught…

The new Level III Cyber-Criminals are coming at it “the other way around”. That is they have the down stream parts already sorted out and whilst they have provided a service in the past to criminals, they now see advantages in doing the whole thing without having to pay others. Thus not only do they get “a larger slice of the pie” they can go after the largest of pies, that nobody else would think/dare to…

We’ve had thirty years or so, to prepare for this, but let’s call it “for complacency reasons” we have not. Part of that complacency is we do not think about other entities in the correct way, so we make assumptions. In this case we think Banks, Security Companies and Cloud Providers would have our security interests in mind as “good business policy” whilst they actually see it as a “liability” and do their best to pass it on to others which turns out to be us. Therefore it falls onto us to maintain our own security despite the “best efforts” of Banks, Security Companies and Cloud Providers to take our profits, for no liability…

As I’ve remarked before people think it strange that I don’t have a credit card, don’t do online banking, or online shopping. Whilst I think it’s strange that they do…

Can I see ways to mitigate the behaviours of Banks, Security Companies, and Cloud Providers so that having a credit card, online banking or online shopping carries only marginal loss potential? Yes I can. But when I ask myself “What is the price of entry, and maintenance of the mitigations -v- the advantages of those services to me?” I find in my case, the cost outweighs the benefit, so it has a negative ROI.

I suspect it is similar observations made by @Ross J. Anderson and our own host @Bruce, that started Ross down the road to founding a new field of research “Security Economics”, rather than keep trying to find ways to make Smart Cards and the like secure, when those buying them won’t pay for the security.

[1] I’ve never liked the “whale” term or the “high roller” term for people of affluence but it’s perhaps less offensive than the more general “marks”, “dupes”, or “patsies”.

[2] “perpetrators attempted to steal US$951 million from the Bangladesh Bank’s account with the Federal Reserve Bank of New York. The theft happened sometime between February 4–5, 2016 when Bangladesh Bank’s offices were closed for the weekend.”

https://en.m.wikipedia.org/wiki/Bangladesh_Bank_robbery

[3] We now know with the likes of Crypto AG this is just one of the things they have been up to. Then there was the Dual Elliptic Curve CS-RNG issue, and a few others.

Charlie Zaloom May 28, 2021 7:50 PM

Bruce, Why didn’t RSA just work a deal like the Dual_EC_DRBG gig? (Everyone has a price, right Art?)

SpaceLifeForm May 29, 2021 1:32 AM

@ Winter, –

I say with high confidence that the Troll-tool is Internet Research Agency.

It’s many people. GMT+3 thru GMT+11 most of the time.

Probably a mindmeld of CozyBear and FancyBear. Call it APT-28.5 maybe.

SpaceLifeForm May 29, 2021 2:22 AM

@ Sancho_P, Clive

OK, user reading the encrypted data of the intended transfer from PC screen and manually typing it into the device would stop even this double hack.

Almost there.

It’s not just KYC (Know Your Customer). It’s also KYB (Know Your Bank).

As part of the protocol, whatever challenge is sent by the bank to the customer, MUST BE SIGNED. TLS is not enough.

The user must be able to verify that the challenge was actually created by the bank.
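
The double hack Sancho_P describes (bank software and device firmware cooperating so the device displays one transfer while the code is computed over another) and the “challenge MUST BE SIGNED” requirement above can be put side by side in a small simulation. This is an added example, not code from the thread or from any bank: the bank’s signature is modelled with an HMAC under a per-device key the device can check (a stand-in for a real signature), the account numbers, amounts and the four PC behaviours are constructed, and the token is assumed to show the destination and amount it received before computing anything.

```python
import hashlib
import hmac
import secrets

# Two per-device secrets, provisioned when the token is issued (constructed here).
BANK_AUTH_KEY = b"bank->device authentication key"   # device checks the bank (KYB)
DEVICE_KEY = b"device->bank response key"            # bank checks device + user confirmation

# Constructed transactions: what the user intends, and where a compromised
# PC would like to divert the money instead.
INTENT = ("PAYEE-LEGIT-0001", 100)
DIVERT = ("ATTACKER-ACCT-9", 100)


def _bind(nonce, dest, amount):
    """Canonical byte string that every tag and code is computed over."""
    return b"|".join([nonce, dest.encode(), str(amount).encode()])


class Bank:
    def __init__(self):
        self.pending = {}

    def challenge(self, dest, amount):
        """Issue a fresh challenge that names the transaction and is
        authenticated towards the device (the 'MUST BE SIGNED' step)."""
        nonce = secrets.token_bytes(8)
        self.pending[nonce] = (dest, amount)
        return {
            "nonce": nonce, "dest": dest, "amount": amount,
            "sig": hmac.new(BANK_AUTH_KEY, _bind(nonce, dest, amount), hashlib.sha256).digest(),
        }

    def execute(self, nonce, dest, amount, code):
        """Run the transfer only if the code binds to exactly this dest/amount."""
        if self.pending.pop(nonce, None) is None:
            return False                         # unknown nonce or replay
        expected = hmac.new(DEVICE_KEY, _bind(nonce, dest, amount), hashlib.sha256).hexdigest()[:8]
        return hmac.compare_digest(code, expected)


def device(challenge, user_intent):
    """The offline token: verify the bank, display the transaction, and only
    after the user confirms that display emit a code bound to it."""
    body = _bind(challenge["nonce"], challenge["dest"], challenge["amount"])
    expected_sig = hmac.new(BANK_AUTH_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(challenge["sig"], expected_sig):
        return None                              # not from the bank: refuse
    if (challenge["dest"], challenge["amount"]) != user_intent:
        return None                              # display != intent: user refuses
    return hmac.new(DEVICE_KEY, body, hashlib.sha256).hexdigest()[:8]


def run(pc_behaviour):
    """Simulate one transfer with the PC behaving as given. Returns the
    account the bank actually paid, or None if nothing was executed."""
    bank = Bank()
    if pc_behaviour == "honest":
        ch, submit = bank.challenge(*INTENT), INTENT
    elif pc_behaviour == "divert_request":        # PC asks the bank for the diverted transfer
        ch, submit = bank.challenge(*DIVERT), DIVERT
    elif pc_behaviour == "forge_display":         # ...and rewrites the challenge to look legit
        ch, submit = bank.challenge(*DIVERT), DIVERT
        ch = dict(ch, dest=INTENT[0], amount=INTENT[1])
    elif pc_behaviour == "swap_after_code":       # legit challenge, diverted submission
        ch, submit = bank.challenge(*INTENT), DIVERT
    else:
        raise ValueError(pc_behaviour)
    code = device(ch, INTENT)
    if code is None:
        return None
    return submit[0] if bank.execute(ch["nonce"], submit[0], submit[1], code) else None


if __name__ == "__main__":
    for behaviour in ("honest", "divert_request", "forge_display", "swap_after_code"):
        print(f"{behaviour:16s} -> paid: {run(behaviour)}")
```

Each of the three dishonest PC behaviours fails at a different check: a diverted challenge is shown as such and the user declines; a challenge edited to display the intended payee no longer carries the bank’s tag; and a genuine code cannot be reused for a different payee because the code is computed over the destination and amount, not just the nonce. The TLS session between PC and bank plays no part in any of those checks, which is the sense in which “TLS is not enough”.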

Winter May 29, 2021 5:00 AM

@SLF
“Probably a mindmeld of CozyBear and FancyBear. Call it APT-28.5 maybe.”

If you assume they employ narcissist incompetents with anger issues and bad impulse control. But maybe they have HRM problems with skills shortages.

On the other hand, I don’t think this blog is a high value target. So this task might have been shoved down the feeding chain until it reached the bottom of the barrel.

- May 29, 2021 6:58 AM

@SLF:
@Winter:

“I say with high confidence that the Troll-tool is Internet Research Agency.”

I suspect that the Troll-Tools are of Foreign origin or financing but I think it’s a new group, thus might be Chinese in Origin trying to look like Russians trying to look like anti-vaxxers in what is both an economic and hearts and minds war.

But also consider the salient point that ‘Foreign’ also equally applies to “Off Shore Corporate” which is a very distinct possibility when you dig into it.

The US clearly started a COVID19 vaccination war out of which the US Government profits both economically and politically (see what went on in South Africa).

It’s now clear to just about everyone that the FDA were and probably still are under direct instruction to not Approve anything that is not either US in origin or reflects favourably on US vaccine tech. The FDA shot themselves in the foot over this direction with their little nonsense about the AZ vaccine people “withholding evidence”, that was easily disprovable[1].

But you will not have heard that via MSM which is controlled even outside of the US by US related interests (of which Rupert ‘the bare faced liar’ Murdoch’s News International is just the most obvious due to the obnoxious and illegal activities it clothes itself in).

Thus anti-non-US stories were broken by Murdoch Journalists, that is where the brain blood clot stories originated from. However what they did not reveal is the just as dangerous “Hepatic Portal clots” problem, which tells you something distinctly iffy was going on…

As it turns out both the AZ and Pfizer vaccines lower the incidence of brain blood clots below that of the pre COVID background levels. Something the European Drugs Agency was at pains to point out, but it got quite deliberately down played and ignored by certain journalists.

What you probably will not have heard is that whilst the incidence of brain blood clots with AZ is very slightly higher than it is with Pfizer, the incidence of hepatic portal clots is over fifty times that of AZ for Pfizer, which is of concern.

The information is publicly available via the various adverse effects reporting systems, but you have to know how to search the databases to find it. One set of researchers did that and published a report that fairly quickly got ‘deep sixed’ and withheld from MSM reporting. Those that reported it via You-Tube and similar got their reporting pulled as “fake news” by the actions of a group of people who appear to be ‘affiliated’ directly or indirectly with various drugs companies, one of which was actively pushing fake news from its web site…

Thus a serious ‘economic warfare campaign’ was started fairly early on, which makes some of the tricks the tobacco and asbestos companies pulled in the past look trivial.

The US executive also started a political disinformation campaign against China over Wuhan, and unfortunately this is still persisting and getting worse by innuendo not facts.

Whilst this propaganda appeared to be aimed at Western nations in the Northern Hemisphere it is actually being used to delay or stop vaccinations in large parts of the world, which for the US and their favoured drugs companies means more profit and influence as SARS-2 rapidly spreads and new variants arise and get effectively ignored until they have a good community foothold in many countries.

The recent FDA changes with regards the “chill chain” so that the mRNA vaccines can become usable outside of the first world surprised many in the medical profession, but I guess not those who study geo-politics and geo-economics.

Part of the attacks by the US are in response to early help pushed by China to poor nations. Contrary to what many are led to believe this was not started by the Chinese Government but individual Chinese industrial billionaires, as charity. The Chinese Government nearly stopped it until it realised the propaganda value for ‘hearts and minds’ so they then ‘took it over as policy’.

Without going into details similar can be seen going on with Russia, using it to gain influence in Eastern Europe, due to the EU Council of Ministers making mistake after mistake and thereby creating significant political mistrust to build up rapidly and ‘EU Central Policy’ to become fractured at best.

But it appears that disinformation is now being run and this includes false flag operations and financing much the same as was seen back in the run up to the 2016 US elections and earlier Brexit (which by the way is currently happening again in Switzerland over treaty renegotiations).

It’s got so bad that there are offers being openly made of several thousand dollars a week for various attacks on vaccines, and they are popping up all over the place.

As the attacks on this site are coincident with “Russian time” and appear to get triggered by “anti-Russian comment” it would be easy to conclude the attacks are “Russian in origin”.

But that was said about illegal Brexit funding that was routed through Russia but was traced back to a power struggle between three families trying to get control of the US GOP / Republican Party. Unfortunately the ‘Cambridge Analytica investigation’ was politically stopped when it started to show just how much one of the families had been actively and illegally involved in money laundering to make illegal hidden campaign contributions.

So as @SLF says “Attribution is hard”. Thus caution is advised.

[1] Put over simply what happened was the FDA required data to be submitted based on individual trials, and that obviously fell into “time ranges”. AZ complied with the requirements but as they had multiple trials they had multiple data sets covering different time spans, none of which was “secret”, it had been made available to other regulators in an ongoing process. So the FDA having received the data they requested in the very specific way they requested them, fully knowing there was other data available as it had openly gone to other regulators and been made available if the FDA had wanted it, then accused AZ of withholding it.

Winter May 29, 2021 10:11 AM

@-
“The US clearly started a COVID19 vaccination war out of which the US Government profits both economically and politically”

It started with the previous president trying to get exclusive access, with exclusion of the rest of the globe, to a promising vaccine candidate (became Pfizer/Biotech). Nothing COVID-19 related this president did was humane or effective.

The online Anti-vaxxer movement is largely driven by 12 people.
https://mashable.com/article/disinformation-dozen-study-anti-vaxxers/

The most prolific is
Joseph Mercola. Mercola is an alternative medicine promoter who runs a multimillion dollar online business selling treatments and dietary supplements.

Winter May 30, 2021 1:12 PM

@SLF
“I do. You do not.”

Probably, but what should I say. A lot of it is rather far fetched, but not enough to cry wolf.

Eva May 31, 2021 7:46 AM

The theft of the original RSA SecurID token values compromised the cybersecurity of thousands of the company’s customer networks.

This initial attack vector was not particularly difficult. The attacker would not be able to exploit the vulnerability in Flash if the victim was running a later version of Windows or Microsoft Office, or if she had limited access to install programs on her computer. According to RSA representatives, two groups of hackers were involved in the hacking: one highly qualified group used the access of the other.

On an Australian employee’s computer, someone used a tool to steal credentials from the device’s memory and then reused those credentials to log in to other systems. The hackers then began looking for administrator credentials and eventually got to a server containing the credentials of hundreds of users.

TRX June 4, 2021 2:28 PM

– Users token scans it and it displays it

If this part involves “using a mobile phone”, then the whole procedure is just security theater.

TRX June 4, 2021 2:39 PM

3) Why Johnny Still Still Can’t Encrypt[3].

It doesn’t matter how great your algorithm is, if your implementation stinks.

TRX June 4, 2021 2:50 PM

banks actually do not care

Most smaller banks in the USA have signed on with one of the big banking IT providers and outsourced the whole thing.

Contractual and statutory liability get harder to litigate then.
