S3 Ep149: How many cryptographers does it take to change a light bulb?

QUANTITY OF CRYPTOGRAPHERS?

If the audio player is not visible, listen directly on Soundcloud.

Featuring Doug Aamoth and Paul Ducklin. Prelude and conclusion music by Edith Mudge.

You can tune in on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, and wherever high-quality podcasts are discovered. Or input the RSS feed URL into your preferred podcatcher.


READ THE TRANSCRIPT

DOUG.  Faulty light bulbs, WinRAR defects, and “Airplane mode, [HIGH RISING TONE] question mark?”

All this and more on the Naked Security podcast.

[MUSICAL MODEM]

Welcome to the podcast, everyone.

I am Doug Aamoth; he is Paul Ducklin.

Paul, what’s on your mind?


DUCK.  On my mind, Doug, is that…

…that was a remarkably accurate portrayal of a question mark inquiring.


DOUG.  Yes, I tilted my head almost horizontally.


DUCK.  [CHUCKLES] And then a solitary woodpecker strike right at the base, PLOCK, just to enhance the effect.


DOUG.  Well, speaking of inquisitions, we have a marvelous one… I am eagerly anticipating This Week in Tech History.


DUCK.  Excellent pick!

The Seguemeister is back!


DOUG.  If anybody is familiar with Miss Manners, she is advice columnist Judith Martin.

At 84 years old, she is still dispensing guidance.

In her column dated August 26, 1984, she tackled a crucial question.

Let me read this verbatim as the description is too captivating: excerpt from computerhistory.org, a fabulous site for tech history enthusiasts.

Miss Manners delves into a new area of decorum in her August 26 column…

Recall, this is 1984!

…as she addressed a reader’s worry about composing personal letters using a personal computer.

The concerned individual found the computer more convenient but was anxious about the low quality of their dot matrix printer and the accidental reuse of content from one letter to another.

Miss Manners advised that computers, like typewriters, were generally unsuitable for personal correspondence.

The recipient might mistake the letter for a contest entry.


DUCK.  [ROARING LAUGHTER] Do you hold four aces?

Here are three… pick your fortuitous letter and reveal. [MORE LAUGHTER]


DOUG.  And she remarked:

If any of your associates notice that your letter to someone else contains similar content, you will not face further correspondence issues.

Essentially, your acquaintance will fade away on their own.


DUCK.  Indeed, the query clarifies itself. [LAUGHTER]


DOUG.  Precisely.

Now, let’s delve into it.

We have a pair of WinRAR glitches… remember WinRAR?

First, “A security flaw related to an out-of-bounds write.”

Secondly, “WinRAR might open the wrong file after a user double-clicked an item in a specially crafted archive.”

Paul, what’s the scoop on these WinRAR issues?

https://nakedsecurity.sophos.com/2023/08/23/using-winrar-be-sure-to-patch-against-these-code-execution-bugs/


DUCK.  Well, WinRAR… many people might recall it from the days of yore, when archives were often distributed across multiple floppy disks or in numerous small text-encoded snippets on an online forum.

WinRAR, in essence, established the standard for effortlessly consolidating diverse sources, reassembling them, and featuring what I believe they termed a “recovery volume”.

This entailed one or more supplementary components to enable the program to autonomously reconstruct any missing portion based on error correction data within the recovery volume, in case one or more original parts were damaged, corrupted, or missing entirely (due to issues like floppy disks or fragmented uploads in an online forum).

Regrettably, in (as I understand it, the older code handling the traditional error recovery system in the product…)

…without giving away exact specifics, upon sending someone an archive with a corrupt segment, WinRAR utilizes its recovery volume to address the corrupted segment.

During the recovery data processing, a buffer overflow occurs, leading to writing beyond the buffer’s end, potentially enabling remote code execution.

This is CVE-2023-40477, where attempting to recover from an error triggers a vulnerability that can be leveraged for remote code execution.

Therefore, if you utilize WinRAR, ensure you have installed the necessary patches.

A coordinated disclosure was made by the Zero Day Initiative and WinRAR recently; the existence of this bug is widely known by now.


DOUG.  The second flaw is less grave but nonetheless requires attention…


DUCK.  Apparently, this bug was exploited by malefactors to deceive individuals into installing data-stealing malware or engaging in cryptocurrency falsification, quite unexpected, isn’t it?

I couldn’t validate this as I am not a WinRAR user, but it appears that upon opening an archive and attempting to access an item, *you might receive the incorrect file* inadvertently.


DOUG.  Alright, ensure you are on version 6.23 if you continue to use WinRAR.

Our subsequent narrative is sourced from the “how on earth did they unearth this bug?” file.

Researchers have uncovered a method to give the impression that your iPhone is in Airplane mode while actually keeping mobile data active.

https://nakedsecurity.sophos.com/2023/08/21/snakes-in-airplane-mode-what-if-your-phone-says-its-offline-but-isnt/


DUCK.  This piqued my interest as it serves as a fascinating reminder that relying on visual cues provided by the operating system or an app, such as in a status bar or on the iPhone’s Control Center, the array of buttons accessible when swiping up from the base of the screen…

There’s an aircraft icon that, upon tapping, activates Airplane mode.

Researchers at Jamf pondered, given that’s the typical workflow for temporarily disconnecting your phone, “How much assurance can you place in indicators like the Control Center swipes on your iPhone?”

They found a means to deceive most individuals most of the time!

They uncovered a technique where despite the aircraft icon turning orange upon activation, the mobile data segment could remain active unbeknownst to the user.

Seems like you’re in Airplane mode, but your cellular data connection remains active in the background.

They pondered that if someone truly cared about security, they would think, “I should ensure that I am truly disconnected.”

They proposed the following procedure from their study: I would launch my web browser, visit a website (like nakedsecurity.sophos.com), and confirm that the system displayed an error stating, “You are in Airplane mode. Internet access is unavailable.”

At that moment, I would have been inclined to believe that I had genuinely disconnected my phone from the network.

However, the researchers discovered a method to deceive individual applications into persuading you that you were in Airplane mode when, in reality, they had only restricted mobile data access for that specific app.

Typically, if you deny Safari access to use mobile data, you should receive an error message stating, “Mobile data is disabled for Safari.”

Seeing this message during a connectivity test would alert you, “Oh, this means mobile data is still enabled overall; it’s only disabled for this specific app. That’s not what I intended; I want it disabled for all apps.”

They managed to simulate that message.

They showcased the message, “You are in Airplane mode. Internet access is unavailable.”

It serves as a strong reminder that sometimes you cannot trust what you see on the screen.

It’s beneficial to have two methods to verify that your computer is at the security level you desire.

Just to be safe in case someone is deceiving you.


DOUG.  Okay, it is my pleasure to inform you that we will monitor this situation closely.

Finally, anyone who has configured a smart device is familiar with the process by now.

The device presents itself as an access point.

You connect to that access point with your phone, input your access point details along with the Wi-Fi password.

What could go amiss?

Well, it appears that several issues could arise, Paul!

https://nakedsecurity.sophos.com/2023/08/22/smart-light-bulbs-could-give-away-your-password-secrets/


DUCK.  Indeed.

In this specific report, the researchers concentrated on a product named the TP-Link Tapo L530E.

Now, I don’t want to blame TP-Link solely… They mentioned they selected it as it appeared to be the most commonly sold so-called smart light bulb on Amazon in Italy.


DOUG.  That’s intriguing as well… We discuss these IoT devices and the various security issues they encounter due to the lack of emphasis on securing them.

However, TP-Link is a reputable and established company.

One would assume that among the IoT device manufacturers, they would prioritize security.


DUCK.  Indeed, there were some coding errors that should not exist in these vulnerabilities, and we will discuss that further.

There are authentication-related challenges that are somewhat complex to address for a basic and straightforward device like a light bulb.

The positive news is that, as per the researchers, “We reached out to TP-Link through their vulnerability research program, and they are currently developing a solution.”

Now, I am unsure why they opted to reveal this and publish the report at this moment.

They did not mention if they had set a disclosure deadline with TP-Link or when they informed TP-Link and the duration they allowed, which was a letdown.

If they were planning to disclose due to delays by TP-Link, they should have stated that.

If it’s too soon, they could have waited a bit longer.

However, they did not supply any ready-made code to exploit these vulnerabilities, so there are valuable lessons to extract from this.

The primary takeaway seems to be that during the initial light bulb setup, efforts are made to guarantee that the app and the light bulb both ascertain they are communicating with the correct code.

Despite these efforts, it rests on what could be jokingly referred to as a “keyed cryptographic hash”… but the key is fixed, and as identified by the researchers, it was merely 32 bits long.

Hence, they managed to deduce it through exhaustive search in 140 minutes.


DOUG.  Just to clarify, a malicious actor would need to be nearby, establish a fake access point resembling your light bulb, and have you connect to it.

Then, they could prompt you to input your Wi-Fi password and your TP-Link account password, stealing that information.

However, they must be physically close to you.


DUCK.  The attack cannot be executed remotely.

It is not viable for someone to send you a suspicious link from a different region and access that data.

Nevertheless, there were other flaws, Doug.


DOUG.  Indeed, several issues arose, as discussed.

It appears that this absence of authentication persisted into the setup procedure.


DUCK.  Certainly.

During the initiation of the setup, it is crucial that the traffic between the app and the device is encrypted.

In this scenario, the app dispatches an RSA public key to the light bulb, which the light bulb utilizes to encrypt and return a one-time 128-bit AES key for the session.

However, as with the initial exchange, the light bulb fails to inform the app, “Yes, I am indeed a light bulb.”

By orchestrating that phony access point initially and understanding the magic key for the “are you present?/yes, I am present” exchange… leveraging this vulnerability, an imposter could entice you to the wrong access point.

After that, there is no additional authentication.

Subsequently, an imposter light bulb might assert, “Here is the ultra-secret key that both you and I possess.”

Therefore, you are engaged in secure communication with the imposter!


DOUG.  Surely, we have resolved all the issues by now, correct?


DUCK.  Well, they discovered two additional vulnerabilities, and in truth, the third one is quite concerning.

Upon establishing this session key for secure communication, it is expected that the encryption process would be accurately performed.

According to my understanding, the TP-Link programmers made a critical cryptographic implementation mistake.

They utilized AES in CBC (cipher block chaining) mode.

This mode is designed to prevent identical packets from being recognized when data is transmitted multiple times.

With repeated data, even if the data content is unknown to the attacker, the recurring pattern can be discerned.

When using AES in CBC mode, the encryption process is initiated with an IV (initialization vector) before encrypting each packet.

It is imperative that the key remains confidential.

However, the initialization vector should not be kept secret: you simply embed it in the data at the beginning.

The crucial aspect is that it must vary each time.

If you reuse the IV, encrypting the same data with the same key will yield identical ciphertext on every occasion.

This leads to recognizable patterns in your encrypted information.

Encrypted data should exhibit no discernible patterns; it should resemble a random sequence of characters.

It appears that the programmers in question decided to generate the key and initialization vector at the outset, and then, whenever they had data to transmit, they consistently utilized the identical key and initialization vector.

[WARNING] Avoid this practice at all costs!

And a helpful memory jogger is to recall another term in the realm of cryptography: “nonce,” an abbreviation for “number used once.”

The clue is right there in its title, Doug.


DOUG.  Understood, have we covered all bases now, or is there still an outstanding issue?


DUCK.  The final issue identified by the researchers, which is problematic regardless of correct IV utilization (though more critical if not used correctly), is that the requests and replies being exchanged were not consistently timestamped, opening up the possibility of resending an old data packet without understanding its significance.

Keep in mind, the data is encrypted; its contents are inscrutable; you cannot replicate it… but you could potentially resend an old packet, say from the previous day, and replay it today. This could have devastating consequences even if an attacker is unaware of the packet’s content and intentions.


DOUG.  So, it sounds like the TP-Link engineering team is facing an intriguing challenge in the upcoming weeks or months.

On a lighter note, Richard contributes to the discussion by posing a fresh version of a classic query:

What’s the required number of cryptographers to change a light bulb?

This question certainly brought a smile to my face.


DUCK.  Same here. [CHUCKLES]

I was thinking, “Oh, I should have seen that coming.”


DOUG.  And your response:

At least 2^80 for traditional fixtures and up to 2^256 for contemporary lighting.

Excellently phrased! [LAUGHTER]


DUCK.  This is a reference to current cryptographic standards, which mandate a minimum of 128 bits of security for modern setups.

However, in older systems, it seems that 80 bits of security are adequate for the time being.

That’s the context behind this jest.


DOUG.  Wonderful.

Many thanks, Richard, for submitting that.

If you have an engaging tale, comment, or query to share, we’d love to feature it on the podcast.

You can reach out to tips@sophos.com, comment on any of our articles, or connect with us on social media: @nakedsecurity.

This concludes our broadcast for today; thank you for tuning in.

For Paul Ducklin, I’m Doug Aamoth, reminding you until next time to…


BOTH.  Take care of your security!

[MUSICAL MODEM]
