Security Bits Logo no alpha channel

Security Bits — 26 January 2020

Feedback & Followups

Deep Dives

❗ The CurveBall Windows Crypto Bug

Microsoft have patched a bug in the core cryptography library used by Windows 10 (and Windows Server 2016). The bug allows attackers to create forged certificates that Windows will consider valid in many circumstances.

This core crypto library is used throughout the OS, so this bug can affect everything from digitally signed apps, drivers and app updates to secured websites. Thankfully the certificates used to sign Windows updates are pinned, so they can’t be forged.

The potential dangers are still very real though. Attackers could execute Man-in-the-middle attacks against HTTPS websites without triggering warnings, intercept automatic software update processes in 3rd party apps and inject malware into the updates, or publish apps or drives that appear to be digitally signed by legitimate companies, but are actually booby-trapped with malware.

Protecting yourself is very easy — apply this month’s Windows updates!


🇺🇸 Round 2 in US -v- Apple Encryption Fight

The US government continues to put pressure on Apple to decrypt the two iPhones belonging to the so-called Pensacola shooter.

The US President and DOJ continue to lead the attack against Apple, claiming Apple are refusing to help them. Apple take great issue with this, and point out that they have answered every request for information promptly and with as much information as they have. This includes multiple gigabytes of data from iCloud backups.

The phones in question are older models, so we know the US government has access to tools that have been shown to be able to crack these older models. This makes it clear that this is not really about this specific attack, but an attempt to secure some kind of more general back-door.

The President and Attorney General either don’t understand how encryption works or, are choosing to pretend they don’t.

It’s not the case that Apple have the ability to crack phones but are choosing not to. The secure enclave and other recent technological advances mean the phones are truly encrypted, and Apple do not have the keys.

The only thing Apple could conceivably do is develop a special version of iOS that prevents devices auto-wiping when the password is entered incorrectly multiple times, or, to reduce the timeout after multiple failed guesses. This would not actually crack the phones, but it would speed up brute-force attacks against the phones. With the modern secure enclaves, it’s not clear just how big a speedup is possible though — at least some of the delay is caused by the secure enclave hardware, so that can never be removed.

Another possibility would be the passage of a law that requires Apple to remove the truly secure encryption they implement now and replace it with less secure encryption that could be more easily cracked. That, of course, would benefit every malefactor around the world — criminals as well as hostile governments, and put everyone, including US government officials, at more risk.


🇺🇸 Did Apple Abandon End-to-End Encryption of iCloud Backups Because the FBI Asked them to?

Reuters have published a report quoting sources within Apple and the intelligence agencies stating that Apple abandoned plans for full end-to-end encryption of iCloud backups and that they may have done so at the request of the FBI. The original report was not categorical about the casualty, but much subsequent reporting on that original reporting has been. The original report points out that the other rationale for not providing true end-to-end encryption on backups — if you do, the backups become useless if the user forgets their password!

Apple briefly implemented optional truly end-to-end encryption of cloud backups for users of their original Two-Step authentication, but rolled back from that approach when they moved to their current Two-Factor authentication system. At the time the reasoning was simple — Apple was finding itself having to tell customers they could not help them recover their treasured data too often.

It’s very important to note that iCloud backups are encrypted! It’s just that right now, two people hold those encryption keys — the user, and Apple. Since Apple have the key, they can decrypt the backups, so when presented with a valid subpoena they have no choice but to use them.

Also note that some data within iCloud backups are truly end-to-end encrypted (Apple do not have the keys), including all health data and the contents of the iCloud keychain.

It’s also very important to not Apple do not have the keys for manually created encrypted local backups (via iTunes).

Finally, I (Bart) want to stress that while the Reuters sources probably do genuinely believe Apple made the decision they made because the FBI asked them to, that doesn’t mean they’re correct in that belief! We often assume the motivations behind other people’s actions even when we have no idea what was actually going on in other people’s heads! There’s no need to assume this story could only be false if the sources lied.

Backups are fundamentally different to the devices we use every day, and especially to the portable devices we carry around with us. Our devices live in a hostile world where we need them to fail-secure to protect us. It’s OK for our devices to fail secure precisely because we have backups! For regular folks, backups should not also fail-secure, they need to fail-safe, otherwise when things go badly wrong the backups fail to fulfill their fundamental task! Rene Richie has been eloquently making this argument for years, and I (Bart) agree with him. For most people, Apple’s choice to end-to-end encrypt only the most sensitive data while regularly encrypting the rest is the right choice for the vast majority of Apple users. The only real problem is that Apple are not providing an alternative for the minority of users whose data is so sensitive that it really would be better for it to be destroyed than revealed when things go badly wrong.


The Cable Haunt Cable Modem Vulnerability

A serious flaw has been found in the reference implementation of the drivers for a chipset used in many models of cable modem all over the world. Hardware vendors and ISPs all around the world have used this reference implementation as the starting point for their firmwares, so variations of the vulnerability are extremely wide-spread.

In their worst form, these vulnerabilities allow remote attackers to take full control of users’ cable modems, giving them a very valuable man-in-the-middle position that they can leverage to attack everyone accessing the internet through the modem.

Most unfortunately, most ISPs do not allow end-users to alter the firmware on their modems, so with just a few exceptions, we are all powerless to protect ourselves, we have no choice but to trust our ISPs to do the right thing 🙁


Google’s Criticisms of Apple’s Safari ITP

ITP is Apple’s Intelligent Tracking Protection feature in Safari on iOS and macOS.

Back in December Apple released updates to Safari to tweak ITP to work around some issues with ITP disclosed to it by Google’s Project Zero security researchers.

What Google’s engineers discovered was that, rather ironically, websites could detect if a given domain was being blocked by ITP, and they could probe many domains to get a fingerprint of which domains a specific instance of Safari was blocking, and which it was not. This had two negative side-effects, it allowed sites to detect the other sites a user visits, a direct privacy violation, and, ironically, it allowed for a new form of browser fingerprinting, enabling tracking.

Apple fixed the specific problems Google highlights, but this week Google released a report making the argument that Apple’s design is flawed and that other attacks against it are likely to be discovered.

For now there is no immediate danger, but if Google are correct and Apple’s current design is fundamentally weak, Apple engineers will have a lot of work to do over the coming months!


❗ Action Alerts

Worthy Warnings

Notable News

Top Tips

Interesting Insights

Palate Cleansers


Note: When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji Meaning
🎧 A link to audio content, probably a podcast
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
🧯 A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵 A link to an article behind a pay-wall.
Very important!

Leave a Reply

Your email address will not be published.

Scroll to top