Crypto-Gram
March 15, 2022
by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School
schneier@schneier.com
https://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and
otherwise.
For back issues, or to subscribe, visit Crypto-Gram's web page.
Read this issue on the web
These same essays and news items appear in the Schneier on Security blog, along
with a lively and intelligent comment
section. An RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
If these links don't work in your email client, try reading this issue of
Crypto-Gram on the web.
Secret CIA Data Collection Program
Vendors are Fixing Security Flaws Faster
Possible Government Surveillance of the Otter.ai Transcription App
Stealing Bicycles by Swapping QR Codes
A New Cybersecurity "Social Contract"
Bypassing Apples AirTag Security
An Elaborate Employment Con in the Internet Age
Privacy Violating COVID Tests
Insurance Coverage for NotPetya Losses
Decrypting Hive Ransomware Data
Vulnerability in Stalkerware Apps
Details of an NSA Hacking Operation
Samsung Encryption Flaw
Hacking Alexa through Alexas Speech
Using Radar to Read Body Language
Fraud on Zelle
Wheres the Russia-Ukraine Cyberwar?
Leak of Russian Censorship Data
Upcoming Speaking Events
** *** ***** ******* *********** *************
Secret CIA Data Collection Program
[2022.02.15] Two US senators claim that the CIA has been running an unregulated
-- and almost certainly illegal -- mass
surveillance program on Americans.
The senators statement. Some declassified information from the CIA.
No real details yet.
** *** ***** ******* *********** *************
Vendors are Fixing Security Flaws Faster
[2022.02.16] Googles Project Zero is reporting that software vendors are
patching their code faster.
tl;dr
In 2021, vendors took an average of 52 days to fix security
vulnerabilities reported from Project Zero. This is
a significant acceleration from an average of about 80 days 3 years ago.
In addition to the average now being well below the 90-day deadline, we
have also seen a dropoff in vendors
missing the deadline (or the additional 14-day grace period). In 2021, only one
bug exceeded its fix deadline, though
14% of bugs required the grace period.
Differences in the amount of time it takes a vendor/product to ship a
fix to users reflects their product
design, development practices, update cadence, and general processes towards
security reports. We hope that this
comparison can showcase best practices, and encourage vendors to experiment with
new policies.
This data aggregation and analysis is relatively new for Project Zero,
but we hope to do it more in the future.
We encourage all vendors to consider publishing aggregate data on their
time-to-fix and time-to-patch for externally
reported vulnerabilities, as well as more data sharing and transparency in
general.
** *** ***** ******* *********** *************
Possible Government Surveillance of the Otter.ai Transcription App
[2022.02.17] A reporter interviews a Uyghur human-rights advocate, and uses the
Otter.ai transcription app.
The next day, I received an odd note from Otter.ai, the automated
transcription app that I had used to record the
interview. It read: Hey Phelim, to help us improve your Otters experience, what
was the purpose of this particular
recording with titled Mustafa Aksu created at 2021-11-08 11:02:41?
Customer service or Chinese surveillance? Turns out its hard to tell.
EDITED TO ADD (3/12): Another article.
** *** ***** ******* *********** *************
Stealing Bicycles by Swapping QR Codes
[2022.02.21] This is a clever hack against those bike-rental kiosks:
Theyre stealing Citi Bikes by switching the QR scan codes on two bicycles
near each other at a docking station,
then waiting for an unsuspecting cyclist to try to unlock a bike with his or her
smartphone app.
The app doesnt work for the rider but does free up the nearby Citi Bike with
the switched code, where a thief is
waiting, jumps on the bicycle and rides off.
Presumably theyre using camera, printers, and stickers to swap the codes on the
bikes. And presumably the victim is
charged for not returning the stolen bicycle.
This story is from last year, but I hadnt seen it before. Theres a video of one
theft at the link.
** *** ***** ******* *********** *************
A New Cybersecurity "Social Contract"
[2022.02.22] The US National Cyber Director Chris Inglis wrote an essay
outlining a new social contract for the cyber
age:
The United States needs a new social contract for the digital age -- one
that meaningfully alters the relationship
between public and private sectors and proposes a new set of obligations for
each. Such a shift is momentous but not
without precedent. From the Pure Food and Drug Act of 1906 to the Clean Air Act
of 1963 and the public-private
revolution in airline safety in the 1990s, the United States has made important
adjustments following profound changes
in the economy and technology.
A similarly innovative shift in the cyber-realm will likely require an
intense process of development and
iteration. Still, its contours are already clear: the private sector must
prioritize long-term investments in a digital
ecosystem that equitably distributes the burden of cyberdefense. Government, in
turn, must provide more timely and
comprehensive threat information while simultaneously treating industry as a
vital partner. Finally, both the public
and private sectors must commit to moving toward true collaboration --
contributing resources, attention, expertise,
and people toward institutions designed to prevent, counter, and recover from
cyber-incidents.
The devil is in the details, of course, but hes 100% right when he writes that
the market cannot solve this: that the
incentives are all wrong. While he never actually uses the word regulation, the
future he postulates wont be possible
without it. Regulation is how society aligns market incentives with its own
values. He also leaves out the NSA -- whose
effectiveness rests on all of these global insecurities -- and the FBI, whose
incessant push for encryption backdoors
goes against his vision of increased cybersecurity. Im not sure how hes going to
get them on board. Or the surveillance
capitalists, for that matter. A lot of what he wants will require reining in
that particular business model.
Good essay -- worth reading in full.
** *** ***** ******* *********** *************
Bypassing Apples AirTag Security
[2022.02.23] A Berlin-based company has developed an AirTag clone that bypasses
Apples anti-stalker security systems.
Source code for these AirTag clones is available online.
So now we have several problems with the system. Apples anti-stalker security
only works with iPhones. (Apple wrote an
Android app that can detect AirTags, but how many people are going to download
it?) And now non-AirTags can piggyback
on Apples system without triggering the alarms.
Apple didnt think this through nearly as well as it claims to have. I think the
general problem is one that I have
written about before: designers just dont have intimate threats in mind when
building these systems.
** *** ***** ******* *********** *************
An Elaborate Employment Con in the Internet Age
[2022.02.24] The story is an old one, but the tech gives it a bunch of new
twists:
Gemma Brett, a 27-year-old designer from west London, had only been working
at Madbird for two weeks when she
spotted something strange. Curious about what her commute would be like when the
pandemic was over, she searched for
the companys office address. The result looked nothing like the videos on
Madbirds website of a sleek workspace buzzing
with creative-types. Instead, Google Street View showed an upmarket block of
flats in Londons Kensington.
[...]
Using online reverse image searches they dug deeper. They found that almost
all the work Madbird claimed as its own
had been stolen from elsewhere on the internet -- and that some of the
colleagues theyd been messaging online didnt
exist.
[...]
At least six of the most senior employees profiled by Madbird were fake.
Their identities stitched together using
photos stolen from random corners of the internet and made-up names. They
included Madbirds co-founder, Dave Stanfield
-- despite him having a LinkedIn profile and Ali referring to him constantly.
Some of the duped staff had even received
emails from him.
Read the whole sad story. Whats amazing is how shallow all the fakery was, and
how quickly it all unraveled once people
started digging. But until theres suspicion enough to dig, we take all of these
things at face value. And in COVID
times, theres no face-to-face anything.
** *** ***** ******* *********** *************
Privacy Violating COVID Tests
[2022.02.25] A good lesson in reading the fine print:
Cignpost Diagnostics, which trades as ExpressTest and offers �35 tests for
holidaymakers, said it holds the right
to analyse samples from seals to learn more about human health -- and sell
information on to third parties.
Individuals are required to give informed consent for their sensitive
medical data to be used but customers consent
for their DNA to be sold now as buried in Cignposts online documents.
Of course, no one ever reads the fine print.
EDITED TO ADD (3/12): The original story.
** *** ***** ******* *********** *************
Insurance Coverage for NotPetya Losses
[2022.02.28] Tarah Wheeler and Josephine Wolff analyze a recent court decision
that the NotPetya attacks are not
considered an act of war under the wording of Mercks insurance policy, and that
the insurers must pay the $1B+ claim.
Wheeler and Wolff argue that the judge did the right thing for the wrong
reasons..
** *** ***** ******* *********** *************
Decrypting Hive Ransomware Data
[2022.03.01] Nice piece of research:
Abstract: Among the many types of malicious codes, ransomware poses a major
threat. Ransomware encrypts data and
demands a ransom in exchange for decryption. As data recovery is impossible if
the encryption key is not obtained, some
companies suffer from considerable damage, such as the payment of huge amounts
of money or the loss of important data.
In this paper, we analyzed Hive ransomware, which appeared in June 2021. Hive
ransomware has caused immense harm,
leading the FBI to issue an alert about it. To minimize the damage caused by
Hive Ransomware and to help victims
recover their files, we analyzed Hive Ransomware and studied recovery methods.
By analyzing the encryption process of
Hive ransomware, we confirmed that vulnerabilities exist by using their own
encryption algorithm. We have recovered the
master key for generating the file encryption key partially, to enable the
decryption of data encrypted by Hive
ransomware. We recovered 95% of the master key without the attackers RSA private
key and decrypted the actual infected
data. To the best of our knowledge, this is the first successful attempt at
decrypting Hive ransomware. It is expected
that our method can be used to reduce the damage caused by Hive ransomware.
Heres the flaw:
The cryptographic vulnerability identified by the researchers concerns the
mechanism by which the master keys are
generated and stored, with the ransomware strain only encrypting select portions
of the file as opposed to the entire
contents using two keystreams derived from the master key.
The encryption keystream, which is created from an XOR operation of the two
keystreams, is then XORed with the data
in alternate blocks to generate the encrypted file. But this technique also
makes it possible to guess the keystreams
and restore the master key, in turn enabling the decode of encrypted files sans
the attackers private key.
The researchers said that they were able to weaponize the flaw to devise a
method to reliably recover more than 95%
of the keys employed during encryption.
** *** ***** ******* *********** *************
Vulnerability in Stalkerware Apps
[2022.03.02] TechCrunch is reporting -- but not describing in detail -- a
vulnerability in a series of stalkerware apps
that exposes personal information of the victims. The vulnerability isnt in the
apps installed on the victims phones,
but in the website the stalker goes to view the information the app collects.
The article is worth reading, less for
the description of the vulnerability and more for the shadowy string of
companies behind these stalkerware apps.
** *** ***** ******* *********** *************
Details of an NSA Hacking Operation
[2022.03.03] Pangu Lab in China just published a report of a hacking operation
by the Equation Group (aka the NSA). It
noticed the hack in 2013, and was able to map it with Equation Group tools
published by the Shadow Brokers (aka some
Russian group).
...the scope of victims exceeded 287 targets in 45 countries, including
Russia, Japan, Spain, Germany, Italy, etc.
The attack lasted for over 10 years. Moreover, one victim in Japan is used as a
jump server for further attack.
News article.
** *** ***** ******* *********** *************
Samsung Encryption Flaw
[2022.03.04] Researchers have found a major encryption flaw in 100 million
Samsung Galaxy phones.
From the abstract:
In this work, we expose the cryptographic design and implementation of
Androids Hardware-Backed Keystore in
Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We
reversed-engineered and provide a detailed description
of the cryptographic design and code structure, and we unveil severe design
flaws. We present an IV reuse attack on
AES-GCM that allows an attacker to extract hardware-protected key material, and
a downgrade attack that makes even the
latest Samsung devices vulnerable to the IV reuse attack. We demonstrate working
key extraction attacks on the latest
devices. We also show the implications of our attacks on two higher-level
cryptographic protocols between the TrustZone
and a remote server: we demonstrate a working FIDO2 WebAuthn login bypass and a
compromise of Googles Secure Key
Import.
Here are the details:
As we discussed in Section 3, the wrapping key used to encrypt the key blobs
(HDK) is derived using a salt value
computed by the Keymaster TA. In v15 and v20-s9 blobs, the salt is a
deterministic function that depends only on the
application ID and application data (and constant strings), which the Normal
World client fully controls. This means
that for a given application, all key blobs will be encrypted using the same
key. As the blobs are encrypted in AES-GCM
mode-of-operation, the security of the resulting encryption scheme depends on
its IV values never being reused.
Gadzooks. Thats a really embarrassing mistake. GSM needs a new nonce for every
encryption. Samsung took a secure cipher
mode and implemented it insecurely.
News article.
** *** ***** ******* *********** *************
Hacking Alexa through Alexas Speech
[2022.03.07] An Alexa can respond to voice commands it issues. This can be
exploited:
The attack works by using the devices speaker to issue voice commands. As
long as the speech contains the device
wake word (usually Alexa or Echo) followed by a permissible command, the Echo
will carry it out, researchers from Royal
Holloway University in London and Italys University of Catania found. Even when
devices require verbal confirmation
before executing sensitive commands, its trivial to bypass the measure by adding
the word yes about six seconds after
issuing the command. Attackers can also exploit what the researchers call the
FVV, or full voice vulnerability, which
allows Echos to make self-issued commands without temporarily reducing the
device volume.
It does require proximate access, though, at least to set the attack up:
It requires only a few seconds of proximity to a vulnerable device while its
turned on so an attacker can utter a
voice command instructing it to pair with an attackers Bluetooth-enabled device.
As long as the device remains within
radio range of the Echo, the attacker will be able to issue commands.
Research paper.
** *** ***** ******* *********** *************
Using Radar to Read Body Language
[2022.03.08] Yet another method of surveillance:
Radar can detect you moving closer to a computer and entering its personal
space. This might mean the computer can
then choose to perform certain actions, like booting up the screen without
requiring you to press a button. This kind
of interaction already exists in current Google Nest smart displays, though
instead of radar, Google employs ultrasonic
sound waves to measure a persons distance from the device. When a Nest Hub
notices youre moving closer, it highlights
current reminders, calendar events, or other important notifications.
Proximity alone isnt enough. What if you just ended up walking past the
machine and looking in a different
direction? To solve this, Soli can capture greater subtleties in movements and
gestures, such as body orientation, the
pathway you might be taking, and the direction your head is facing -- aided by
machine learning algorithms that further
refine the data. All this rich radar information helps it better guess if you
are indeed about to start an interaction
with the device, and what the type of engagement might be.
[...]
The ATAP team chose to use radar because its one of the more
privacy-friendly methods of gathering rich spatial
data. (It also has really low latency, works in the dark, and external factors
like sound or temperature dont affect
it.) Unlike a camera, radar doesnt capture and store distinguishable images of
your body, your face, or other means of
identification. Its more like an advanced motion sensor, Giusti says. Soli has a
detectable range of around 9 feet --
less than most cameras -- but multiple gadgets in your home with the Soli sensor
could effectively blanket your space
and create an effective mesh network for tracking your whereabouts in a home.
Privacy-friendly is a relative term.
These technologies are coming. Theyre going to be an essential part of the
Internet of Things.
** *** ***** ******* *********** *************
Fraud on Zelle
[2022.03.09] Zelle is rife with fraud:
Zelles immediacy has also made it a favorite of fraudsters. Other types of
bank transfers or transactions involving
payment cards typically take at least a day to clear. But once crooks scare or
trick victims into handing over money
via Zelle, they can siphon away thousands of dollars in seconds. Theres no way
for customers -- and in many cases, the
banks themselves -- to retrieve the money.
[...]
Its not clear who is legally liable for such losses. Banks say that
returning money to defrauded customers is not
their responsibility, since the federal law covering electronic transfers --
known in the industry as Regulation E --
requires them to cover only unauthorized transactions, and the fairly common
scam that Mr. Faunce fell prey to tricks
people into making the transfers themselves. Victims say because they were duped
into sending the money, the
transaction is unauthorized. Regulatory guidance has so far been murky.
When swindled customers, already upset to find themselves on the hook,
search for other means of redress, many are
enraged to find out that Zelle is owned and operated by banks.
[...]
The Zelle network is operated by Early Warning Services, a company created
and owned by seven banks: Bank of
America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank and Wells Fargo.
Early Warning, based in Scottsdale,
Ariz., manages the systems technical infrastructure. But the 1,425 banks and
credit unions that use Zelle can customize
the app and add their own security settings.
** *** ***** ******* *********** *************
Wheres the Russia-Ukraine Cyberwar?
[2022.03.10] It has been interesting to notice how unimportant and ineffective
cyber operations have been in the
Russia-Ukraine war. Russia launched a wiper against Ukraine at the beginning,
but it was found and neutered. Near as I
can tell, the only thing that worked was the disabling of regional KA-SAT SATCOM
terminals.
Its probably too early to reach any conclusions, but people are starting to
write about this, with varying theories.
I want to write about this, too, but Im waiting for things to progress more.
EDITED TO ADD (3/12): Two additional takes.
** *** ***** ******* *********** *************
Leak of Russian Censorship Data
[2022.03.14] The transparency organization Distributed Denial of Secrets has
released 800GB of data from Roskomnadzor,
the Russian government censorship organization.
Specifically, Distributed Denial of Secrets says the data comes from the
Roskomnadzor of the Republic of
Bashkortostan. The Republic of Bashkortostan is in the west of the country.
[...]
The data is split into two main categories: a series of over 360,000 files
totalling in at 526.9GB and which date
up to as recently as March 5, and then two databases that are 290.6GB in size,
according to Distributed Denial of
Secrets website.
** *** ***** ******* *********** *************
Upcoming Speaking Events
[2022.03.14] This is a current list of where and when I am scheduled to speak:
Im participating in an online panel discussion on Ukraine and Russia: The
Online War, hosted by UMass Amherst, at
5:00 PM Eastern on March 31, 2022.
Im speaking at Future Summits in Antwerp, Belgium on May 18, 2022.
Im speaking at IT-S Now 2022 in Vienna on June 2, 2022.
Im speaking at the 14th International Conference on Cyber Conflict, CyCon
2022, in Tallinn, Estonia on June 3,
2022.
Im speaking at the RSA Conference 2022 in San Francisco, June 6-9, 2022.
Im speaking at the Dublin Tech Summit in Dublin, Ireland, June 15-16, 2022.
The list is maintained on this page.
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries,
analyses, insights, and commentaries on
security technology. To subscribe, or to read back issues, see Crypto-Gram's web
page.
You can also read these articles on my blog, Schneier on Security.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and
friends who will find it valuable.
Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in
its entirety.
Bruce Schneier is an internationally renowned security technologist, called a
security guru by the Economist. He is the
author of over one dozen books -- including his latest, We Have Root -- as well
as hundreds of articles, essays, and
academic papers. His newsletter and blog are read by over 250,000 people.
Schneier is a fellow at the Berkman Klein
Center for Internet & Society at Harvard University; a Lecturer in Public Policy
at the Harvard Kennedy School; a board
member of the Electronic Frontier Foundation, AccessNow, and the Tor Project;
and an Advisory Board Member of the
Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of
Security Architecture at Inrupt, Inc.
Copyright 2022 by Bruce Schneier.
** *** ***** ******* *********** *************
--- GoldED+/W64-MSVC 1.1.5-b20180707
* Origin: TC on Micronet Daily (618:500/14.1)
|
Computer Support/Help/Discussion... 
