Security Hacks

1393 Articles

A RISC-V Security Key

December 26, 2023 by 6 Comments

The TKey is a RISC-V-based security key that plugs into a USB port. The device has a number of features, including a device-specific serial number, RAM scrambling, and a monitor that kills the CPU in the event of access to protected memory. There is also an FPGA that, on the end-user version, is locked down. This prevents you from changing the core features and the unique ID number for the device.

As part of the start-up code, the device calculates a hash of the application and merges it with the device ID and, potentially, a user-defined secret. If this number matches a previous calculation, it is reasonably certain that nothing has changed between the times of the calculations.

Continue reading “A RISC-V Security Key”

This Week In Security: Terrapin, Seized Unseized, And Autospill

December 22, 2023 by 5 Comments

There’s a new SSH vulnerability, Terrapin (pdf paper), and it’s got the potential to be nasty — but only in an extremely limited circumstance. To understand the problem, we have to understand what SSH is designed to do. It replaces telnet as a tool to get a command line shell on a remote computer. Telnet send all that text in the clear, but SSH wraps it all inside a public-key encrypted tunnel. It was designed to safely negotiate an unfriendly network, which is why SSH clients are so explicit about accepting new keys, and alerting when a key has changed.

SSH uses a sequence counter to detect Man-in-the-Middle (MitM) shenanigans like packet deletion, replay, or reordering. That sequence isn’t actually included in the packet, but is used as part of the Message Authentication Check (MAC) of several encryption modes. This means that if a packet is removed from the encrypted tunnel, the MAC fails on the rest of the packets, triggering a complete connection reset. This sequence actually starts at zero, with the first unencrypted packet sent after the version banners are exchanged. In theory, this means that an attacker fiddling with packets in the pre-encryption phase will invalidate the entire connection as well. There’s just one problem.

The innovation from the Terrapin researchers is that an attacker with MitM access to the connection can insert a number of benign messages in the pre-encryption phase, and then silently drop the first number of messages in the encrypted phase. Just a little TCP sequence rewriting for any messages between, and neither the server nor client can detect the deception. It’s a really interesting trick — but what can we do with it?

For most SSH implementations, not much. The 9.6 release of OpenSSH addresses the bug, calling it cryptographically novel, but noting that the actual impact is limited to disabling some of the timing obfuscation features added to release 9.5.

Continue reading “This Week In Security: Terrapin, Seized Unseized, And Autospill”

This Week In Security: Traingate, DNS, And JMP Slides

December 15, 2023 by 5 Comments

Remember Dieselgate, the scandal where certain diesel vehicles would detect an emissions test, and run cleaner for it, “cheating” the test? Traingate may just put that one into perspective. We’ll tell the story from the beginning, but buckle up for a wild and astonishing ride. It all starts with Polish trains getting a maintenance overhaul. These trains were built by Newag, who bid on the maintenance contract, but the contract was won by another company, SPS. This sort of overhaul involves breaking each train into its components, inspecting, lubricating, etc, and putting it all back together again. The first train went through this process, was fully reassembled, and then refused to move. After exhausting all of the conventional troubleshooting measures, SPS brought in the hackers.
Continue reading “This Week In Security: Traingate, DNS, And JMP Slides”

5Ghoul: The 14 Shambling 5G Flaws Used For Disruptive Attacks On Smartphones

December 13, 2023 by 5 Comments

A team of researchers from the ASSET Research Group in Singapore have published the details of a collection of vulnerabilities in the fifth generation mobile communication system (5G) used with smartphones and many other devices. These fourteen vulnerabilities are detailed in this paper and a PoC detailing an attack using a software defined radio (SDR) is provided on GitHub. The core of the PoC attack involves creating a malicious 5G base station (gNB), which nearby 5G modems will seek to communicate with, only for these vulnerabilities to be exploited, to the point where a hard reset (e.g. removal of SIM card) of the affected device may be required.

Hardware Setup for 5Ghoul PoC testing and fuzzer evaluation. (Credit: Matheus E. Garbelini et al., 2023)
Hardware Setup for 5Ghoul PoC testing and fuzzer evaluation. (Credit: Matheus E. Garbelini et al., 2023)

Another attack mode seeks to downgrade the target device’s wireless connection, effectively denying the connection to a 5G network and forcing them to connect to an alternative network (2G, 3G, 4G, etc.). Based on the affected 5G modems, the researchers estimate that about 714 smartphone models are at risk of these attacks. Naturally, not just smartphones use these 5G modem chipsets, but also various wireless routers, IoT devices, IP cameras and so on, all of which require the software these modems to be patched.

Most of the vulnerabilities concern the radio resource control (RCC) procedure, caused by flaws in the modem firmware. Android smartphones (where supported) should receive patches for 5Ghoul later this month, but when iPhone devices get patched is still unknown.

Hilarious Security Flaw In Counter Strike 2 Is Now Patched

December 12, 2023 by 17 Comments

Normally, when we talk about video games having bugs, it’s some kind of item duplication glitch or a hilarious failure in the jacket equip code of some tedious first-person-shooter online wardrobe simulator. Counter-Strike 2 has had a more embarrassing faux-pas, however, with a security hole allowing bad actors to theoretically capture the IPs of their fellow players in a server. You won’t believe how this came to happen.

The exploit has already been making its way around the forums, with one [Crouch9706] raising the alarm. It’s all down to the way Counter-Strike 2 renders the names that players have entered in their Steam gaming profiles. In certain menus and other parts of the UI, the game will actually parse HTML in a player’s name. Typically, the way to trigger it is to join a game and vote to kick yourself. This brings up a dialog for other players that shows them your player name and parses the HTML. The only limitation is you only get 32 characters for your HTML.

There’s a nifty little extra trick to this, though, in that you can use this technique to snag another player’s IP. By putting in HTML that links to your own server, you can log any player IPs that connect to the server seeking an image, for example.

Of course, it’s not the biggest risk, with many players being behind ISPs that use CGNAT, making the harvested IPs rather useless. However, this sort of unexpected code injection is really not acceptable from a security standpoint. At the very least, it has the potential to expose players to nasty imagery.

Word on the street (Nitter) is that the exploit has now been patched. Meanwhile, if you’re working on a game that for some mad reason, executes code based on player names or any other such data, consider patching your work ASAP. If you find similar exploits in the wild, don’t hesitate to hit up our tipsline—and notify the developers, too!

Update On The BLUFFS Bluetooth Vulnerability

December 2, 2023 by 12 Comments

As we first reported in yesterday’s weekly security post, researchers at EURECOM have revealed the details (PDF, references) of a new man-in-the-middle (MITM) attack on Bluetooth 4.2 through 5.4, which has been assigned CVE-2023-24023. Like preceding CVEs, it concerns the session authentication between Bluetooth devices, where the attacker uses spoofed paired or bonded devices to force the use of a much shorter encryption key length.

The name of this newly discovered vulnerability is BLUFFS (Bluetooth Forward and Future Secrecy), where forward and future secrecy are important terms that refer to the protection of secure sessions against compromise in the past (forward, FoS) and future (FuS). The CVE presentation notes that the Bluetooth specification does not cover either FuS or FoS. In total two new architectural vulnerabilities were discovered, both of which attack the security key.

The Bluetooth SIG has released a statement regarding this attack method. Although serious, it would seem that the core issue is that some implementations allow for encryption key lengths below 7 octets:

Continue reading “Update On The BLUFFS Bluetooth Vulnerability”

This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints

December 1, 2023 by 18 Comments

We’re back! And while the column took a week off for Thanksgiving, the security world didn’t. The most pressing news is an issue in Owncloud, that is already under active exploitation.

The problem is a library that can be convinced to call phpinfo() and include the results in the page response. That function reveals a lot of information about the system Owncloud is running on, including environment variables. In something like a Docker deployment, those environment variables may contain system secrets like admin username and password among others.

Now, there is a bit of a wrinkle here. There is a public exploit, and according to research done by Greynoise Labs, that exploit does not actually work against default installs. This seems to describe the active exploitation attempts, but the researcher that originally found the issue has stated that there is a non-public exploit that does work on default installs. Stay tuned for this other shoe to drop, and update your Owncloud installs if you have them. Continue reading “This Week In Security: Owncloud, NXP, 0-Days, And Fingerprints”