Security

November 5, 2009 8:50 AM PST

Zero-day flaw found in Web encryption

by Tom Espiner

A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.

Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.

Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.

Read more of "Zero-day flaw found in web encryption" at ZDNet UK.

August 25, 2009 4:00 AM PDT

Cracking GSM phone crypto via distributed computing

by Elinor Mills

If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.

Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.

Karsten Nohl talks about his distributed computing, open-source A5/1 cracking project at the Hacking at Random conference.

(Credit: Hacking at Random)

He hopes that by doing this it will spur cellular providers into improving the security of their services and fix a weakness that has been around for 15 years and affects about 3 billion mobile users.

"We're not creating a vulnerability but publicizing a flaw that's already being exploited very widely," he said in a phone interview Monday.

"Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that," he said. "But more importantly, we are informing (people) about a longstanding vulnerability and hopefully preventing more systems from adopting this."

This weakness in the encryption used on the phones, A5/1, has been known about for years. There are at least four commercial tools that allow for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the software to work, said Nohl, who previously has publicized weaknesses with wireless smart card chips used in transit systems.

It will take 80 high-performance computers about three months to do a brute force attack on A5/1 and create a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.

Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.

Participants download the software and three months later they share the files created with others, via BitTorrent, for instance, Nohl said. "We have no connection to them," he added.

Once the look-up table is created it would be available for anyone to use.

Distributed computing, which has long been used for research and academic purposes, like SETI@home, and which companies have built businesses around, not only solves the technical hurdle to cracking the A5/1 code, but it could solve the legal ones too.

A few years ago a similar GSM cracking project was embarked upon but was halted before it was completed after researchers were intimidated, possibly by a cellular provider, Nohl said. By distributing the effort among participants and not having it centralized, the new effort will be less vulnerable to outside interference, he said.

Nohl wasn't certain of the legal ramifications of the project but said it's likely that using such a look-up table is illegal but possession is legal because of the companies that openly advertise their tables for sale.

A T-Mobile spokeswoman said the company had no comment on the matter.

AT&T spokesman Mark Siegel said, "We take extraordinary care to protect the privacy of our customers and use a variety of tools, many technical and some human approaches. I can't go into the details for security reasons." He declined to elaborate or comment further.

Taking precautions
Carriers should upgrade the encryption or move voice services to 3G, which has much stronger encryption, Nohl said.

In the meantime, people can use separate encryption products on the phone, like Cellcrypt, or handsets with their own encryption, Nohl said. Amnesty International and Greenpeace are using phones with stronger encryption, for example, but it only works if both parties to a conversation are using the same technology, he said.

For data encryption there is Pretty Good Privacy (PGP) for e-mail and virtual private network (VPN) software for connecting to a corporate network, he said.

The encryption problem is particularly serious for people doing online banking, where banks are using text messages as authentication tokens. Banks should instead offer RSA SecurID tokens or send one-time pass phrases through regular mail, Nohl said.

"I think, potentially, this could have as much impact as the breaking of WEP (Wired Equivalent Privacy) had a few years ago," said Stan Schatt, security practice director at ABI Research. "That shook up the industry quite a bit."

As a result of breaking that encryption, enterprises were reluctant to rely on wireless LANs so the Wi-Fi Alliance pushed through an interim standard that strengthened the encryption scheme, he said.

"Vendors will jump in with interim solutions, like Cellcrypt," Schatt said. "Mobile operators themselves will have to jump in and offer additional levels of encryption as part of a managed service offering for people who want a higher level of encryption."

However, consumers aren't likely to want to pay extra for the boosted encryption strength, he said.

To snoop on someone's phone, a would-be spy would need to be within eyesight of the target, Schatt said. Or, spies could point a recording device in the direction of a building and grab whatever conversations were nearby, he said.

"If you stand outside a building of a competitor you could get conversations between product managers and about sensitive corporation information, like acquisitions," he said. "Corporations put even more sensitive information over their phones, in general, than they do over their e-mail."

Update Wednesday August 26 8:01 a.m. PDT: The project web page is here and the talk with slides is here.

Originally posted at InSecurity Complex
July 24, 2009 12:18 PM PDT

Expert: iPhone 3GS crypto is easily crackable

by Elinor Mills

The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially "broken" as far as protecting sensitive personal data like credit card and social security numbers, according to a forensics expert and iPhone developer.

"I don't think any of us [developers] have ever seen encryption implemented so poorly before, which is why it's hard to describe why it's such a big threat to security," Jonathan Zdziarski told Wired.

With physical access to a 3GS iPhone and some free software, data can be extracted within two minutes and an image of the entire raw disk in about 45 minutes, he said. The iPhone decrypts the data on its own once the extraction has begun, he explains in a video demonstration.

Apple has been touting the encryption and other features to entice corporate users to the device. And it seems to be working. Nearly 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones per company, the company said on its financial results conference call on Tuesday.

Originally posted at InSecurity Complex
June 16, 2009 3:23 PM PDT

Google considers request to boost privacy

by Elinor Mills

Updated at 4:45 p.m. PST to clarify that Gmail data has always been encrypted by default when a user types in https:// and that last year they offered the ability to set https:// as the default.

More than three dozen security and privacy advocates and researchers are asking Google to offer better data protection for users of Gmail and other Google apps and Google said on Tuesday that it is considering doing that, if it doesn't slow down the apps too much.

You may not know this but you can set Gmail to encrypt your session data by default to protect it from being sniffed over the network. However, Google doesn't offer the ability to encrypt potentially sensitive data created in other Google apps like Docs or Calendar by default, which means the communications could be stolen or snooped on by someone using a packet sniffer on public Internet connections, such as open wireless networks, according to the letter addressed to Google Chief Executive Eric Schmidt and signed by a who's who of 38 experts in the security industry.

Granted, users of other free e-mail services, social networks, and many other sites are vulnerable to data theft and account hijacking, the letter notes. But Google is in a position to set a standard for others to follow, it says.

Google should enable HTTPS (Hypertext Transfer Protocol Secure), a technology used by banks and e-commerce sites, by default for Gmail, Docs and Calendar, or at least do more to educate users about the privacy risks and make it easy to turn on the HTTPS by default, the letter urges.

Not only do many people not understand the privacy risks in using unencrypted services, but they don't know that they have the HTTPS default option and finding the settings to change isn't that easy, the letter says. Users can access Gmail, Docs, Calendar and other apps via HTTPS by simply changing the "http://" in the URL address to "https://," but many don't know about that option, either.

"As a market leader in providing cloud services, Google has an opportunity to engage in genuine privacy and security leadership, and to set a standard for the industry," the letter says. "If Google believes that encryption and protection from hackers is a choice that should be left up to users, the company must do a better job of informing them of the risks so that they are equipped to make this choice."

Some of the security experts endorsing the document include Bruce Schneier, chief security technology officer of BT Group; Peter Neumann, principal scientist at SRI International; encryption pioneer Ron Rivest of MIT; Steve Bellovin of Columbia University; Eugene Spafford at Purdue University; and Defcon founder Jeff Moss, who recently joined the Homeland Security Advisory Council.

In response, Alma Whitten, a software engineer on Google's security and privacy teams, wrote in a blog post that Google has been "looking into whether it would make sense to turn on HTTPS as the default for all Gmail users.

"But we want to more completely understand the impact on people's experience, analyze the data, and make sure there are no negative effects," she wrote. "Ideally we'd like this to be on by default for all connections, and we're investigating the trade-offs, since there are some downsides to HTTPS--in some cases it makes certain actions slower."

Google is planning to test the use of HTTPS with "small samples of different types of Gmail users" to see whether it affects the performance of their e-mail, the blog post says.

"Unless there are negative effects on the user experience or it's otherwise impractical, we intend to turn on HTTPS by default more broadly, hopefully for all Gmail users," the post says. "We're also considering how to make this work best for other apps including Google Docs and Google Calendar."

The letter addresses the performance trade-off argument, noting that Google seems to have solved the issue because it provides access to its advertising systems and several other services only via HTTPS sessions.

"Google's engineers have created a low-latency, enjoyable experience for users of Health, Voice, AdWords and AdSense--we are confident that these same skilled engineers can make any necessary tweaks to make Gmail, Docs, and Calendar work equally well in order to enable encryption by default," the letter says.

May 19, 2009 10:05 AM PDT

Flaw in encryption armor discovered

by Tom Espiner

Correction at 5:50 a.m. PDT May 20: The spelling of Kenny Paterson's last name has been corrected.

An underlying flaw in the widely used encryption protocol Open Secure Shell (OpenSSH) has been made public by researchers from the Royal Holloway, University of London.

The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext, according to a research team from the Royal Holloway Information Security Group (ISG).

An attacker has a one in 262,144 chance of success. ISG lead professor Kenny Paterson told CNET News sister site ZDNet UK last Monday that the flaw is more significant than previous vulnerabilities in OpenSSH.

"This is a design flaw in OpenSSH," said Paterson. "The other vulnerabilities have been more about coding errors."

According to Paterson, a man-in-the-middle attacker could sit on a network and grab blocks of encrypted text as they are sent from client to server. By retransmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backward to deduce what was in the OpenSSH encryption field before encryption.

The attack relies on flaws in the RFC (Request for Comments) Internet standards that define SSH, said Paterson.

Paterson gave a talk on Monday at the IEEE Symposium on Security and Privacy in Oakland, Calif., to explain his group's research findings. The three ISG academics involved in the research were Paterson, Martin Albrecht, and Gaven Watson.

This vulnerability was first made public in November 2008 by the UK Centre for the Protection of National Infrastructure (CPNI), though full details of the flaw were not then given. According to the CPNI advisory, the OpenSSH flaw could be mitigated by IT professionals using AES (advanced encryption standard) in counter mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC).

Paterson said his group had worked with OpenSSH developers to mitigate the flaw, and that OpenSSH version 5.2 contained countermeasures.

"They've fixed (OpenSSH); they've put countermeasures in place to stop our attack," said Paterson. "But the standard has not changed."

Paterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days. In addition, proprietary SSH vendors had been informed of the issue in advance, and had put countermeasures in their code. However, Paterson added that it always takes time for system administrators to apply patches to servers and clients, no matter whether the software is open source or proprietary.

Tom Espiner of ZDNet UK reported from London.

May 7, 2009 9:00 AM PDT

Five simple PC security tips

by Dennis O'Reilly

The list of PC security products never ends. For every name that drops off, two more jump on. In fact, determining the best security hardware and software is a full-time job. Sometimes, you just want to throw up your hands and take your chances.

Maybe I'm just a cockeyed optimist, but I think you can stay safe without spending all your spare time doing research, installing updates, and generally becoming a PC-security expert. Here are five relatively easy ways to improve your security.

Use the firewall that's closest at hand
In the computer industry, the reputation of a product, service, or Web site is just about worthless. Yesterday's best firewall, ad blocker, spam buster, virus spotter, or spyware cleaner is today's bust.

Maybe the product got bought and the new owners aren't as conscientious about updates as the previous ones. Or the service's management team decides to go for profits and skimp on support, updates, and enhancements. There are lots of reasons why a good product goes sour, and the computer industry has seen nearly all of them.

So if you can't go by reputation, how do you choose a security product? One way is to go with the tools you've already got. Windows' security is roundly criticized, but the fact is, it's better than it used to be, and third-party security products have their own shortcomings.

Last February, I recommended that you use a third-party firewall rather than the one built into Windows. Six months earlier, I suggested that you pass on the third-party tools and stick with the Windows Firewall despite its shortcomings.

So which side of the fence am I on now? The simple side. The fact is, any third-party security tool complicates your setup. It's not difficult to find weaknesses in the Windows Firewall, but it's safe enough for most PC users, and it's much better than using no software firewall at all.

My previous post included links to information on Microsoft's TechNet site providing technical details of the Windows Firewall, tips for customizing the Windows Firewall, and help troubleshooting the firewall in XP and Vista.

Don't hesitate to try another free antivirus program
Just last week, I switched antivirus programs on my XP test system--for the umpteenth time. Something was slowing the system down, and after defragging the hard drive and doing other standard maintenance tasks, the machine's performance didn't improve as I expected it to.

Rather than go through a bunch of diagnostic tests, I simply uninstalled the system's antivirus tool and downloaded a competing package. The old and new programs were both free, and the switch didn't take much time to complete. The topper? The XP machine's performance perked up immediately.

Two antivirus programs that are free for home use and that are currently highly rated are Avast Home Edition and Avira AntiVir. You'll find a list of dozens of antivirus programs for Windows on this Download.com page.

Change your password...again
I hate those "your password will expire in x days" warnings as much as you do, but one of the simplest ways to protect yourself is by keeping your passwords fresh. Last year, I described the Ten Password Commandments, one of which was to devise a password-creation strategy that's all your own.

Just two months ago, I complained about the shortcomings of passwords as our primary security option, though I concluded that there's nothing better, for now. Lots of people swear by password managers such as RoboForm, but then you have yet another third-party app complicating matters.

For me, it's simpler just to devise a new password based on my unique, inimitable password-creation system, which I share with no one. No need to write it down, enter it in an online form, or encrypt it in a master-password file. Temporary amnesia, well, that's another matter.

For secure e-mail, use encryption
You would think that encrypting e-mail would be a breeze, but doing so is anything but. You and the recipient have to deal with digital certificates, public and private keys, and any number of other time-eating preparations and precautions.

The simplest way I know of to encrypt your e-mail is by using the Mozilla Foundation's Thunderbird with the Enigmail extension. Jason Thomas provides step-by-step instructions in this tutorial on the Lifehacker site.

Gmail users can secure their e-mail communications by enabling the service's built-in encryption. To do so, click the Settings button at the top-right of the main Gmail screen, scroll to the bottom of the General tab, select "Always use https," and click Save Changes.

Gmail Settings

Select "Always use https" under the General tab in Gmail's Settings to encrypt your messages.

(Credit: Google)

Keep your browser up-to-date
Most people will tell you that the Mozilla Foundation's Firefox browser is the safest way to surf, but a recent report from Google Switzerland and the Swiss Federal Institute of Technology found that "(u)sing the most recent version of a browser will lower the risk associated with drive-by-downloads and other Web-based attacks, which start by targeting the browser."

The report cites Google Chrome's silent updates as the best way to ensure that your browser is protected. The researchers also laud Chrome's lack of a way for users to disable its silent-update feature. Some people will object to software being downloaded to and installed on their system without their knowledge, but the fact is, these behind-the-scenes updates are the best way to keep you safe from the Internet bad guys.

Personally, I'm starting to rethink my choice of default browser. But as I mentioned earlier, you can't put any faith in a computer security product's reputation. And you can't be afraid to switch.

Originally posted at Workers' Edge
Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET blog Network, and is not an employee of CNET.
April 2, 2009 7:43 AM PDT

Goodmail debuts e-mail service with streaming video

by Dawn Kawamoto

Goodmail Systems unveiled on Thursday its CertifiedVideo, which offers streaming video capabilities within e-mail.

Goodmail, which provides companies and nonprofits with encrypted e-mail, is adding embedded streaming video capabilities to its service.

"Americans watched more than 14 billion online videos this past January alone. With CertifiedVideo, consumers can now watch videos within their e-mail in-box without having to click to an external Web site, and brands can tap into shifting media consumption habits and craft truly interactive, e-mail 3.0 marketing campaigns," Peter Horan, Goodmail CEO, said in a statement.

AOL is the first e-mail provider to offer Certified Video. Among the companies sending footage over the e-mail service are Country Music TV, LiveNation, The New York Times, and Target.

With its CertifiedVideo service, Goodmail first analyzes a prospective sender's video player for code stability and platform compatibility, with the aim of ensuring the video can be delivered and viewed. After it's been approved, a sender can use Goodmail's CertifiedEmail system to add encrypted video tokens to outbound messages.

The outbound messages are designed to notify the recipient's e-mail provider to deliver the message directly to the recipient with the video content enabled, according to Goodmail.

March 9, 2009 10:00 AM PDT

Government should lead transition to self-encrypting drives

by Jon Oltsik

I've recently written about a new standard published by the Trusted Computing Group (TCG) for self-encrypting drives. With this standard, Fujitsu, Hitachi, Seagate, Toshiba, and Western Digital are shipping or will soon ship self-encrypting hard drives for laptop computers. This in turn should prompt a transition, where users will opt for systems with self-encrypting drives rather than install encryption software utilities.

To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance.

Given these benefits, I believe that the U.S. federal government should make self-encrypting drives a new standard for all federal system purchases. This would not only enhance the security of private data on federal systems but also help jump-start this tech industry transition. This is a perfect opportunity for the federal government to take the lead because:

  1. Demand for encryption remains high. In 2006, the Office of Management and Budget instructed civilian agencies to put a plan together for laptop security within 45 days. Subsequent to this plan, agencies were supposed to encrypt all laptops. According to several estimates, somewhere between 50 percent and 60 percent of these laptops remain unprotected. If all new systems contain self-encrypting drives, federal agencies can focus their attention on a stop-gap plan for aging systems in the field.

  2. The federal government has programs and people in place. The Department of Defense and General Services Administration have already established a "Data at rest Tiger Team" to address this problem in the defense community. It is safe to assume that this team knows what's out there, which systems are still vulnerable, and which ones are up for replacement. Adding systems with self-encrypting drives could provide this team with a new tool to accelerate this effort.

  3. Self-encrypting drives could help secure the new Federal Desktop Core Configuration (FDCC). To improve security, federal officials are in the process of defining a set of FDCC guidelines for laptops and desktops. With self-encrypting drives, these systems will be secure upon delivery.

  4. The Defense Department is slim on procurement people. Just last week, a team of experts told a Senate committee that the Defense Department is constrained by a lack of procurement people. OK, so here's a thought. Wouldn't it be more efficient to purchase systems with self-encrypting drives once rather than purchase systems and then purchase software? Oh, and self-encrypting drives would also eliminate the systems integration burden as well.

I could go on and on, but I think I've made my point. The federal government could improve security, lead the industry, and lower costs by embracing self-encrypting drives for all new systems. This should be plenty of motivation for federal agencies such as the General Services Administration, the Department of Defense, and others in the Beltway to get busy.

March 4, 2009 10:06 AM PST

Self-encrypting drive standard gains momentum

by Jon Oltsik

I've long been a big proponent of self-encrypting drives as the best way to encrypt data-at-rest on PCs and storage systems.

This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.

In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system vendor, is also on board.

I have to believe that Fujitsu and Hitachi will soon follow this trend. Both companies currently offer encrypting storage systems that use a cryptographic processor resident in their storage controllers. Since both companies supply self-encrypting drives, it is likely that they will replace encrypting controllers with self-encrypting drives in future product revisions.

It seems to me that the dominoes are falling at an accelerating pace and that within two to three years, every device that ships with a hard drive or solid-state disk will offer self-encrypting drives. Chief information security officers, purchasing managers, management software vendors, and government agencies should plan for this inevitability.

January 29, 2009 4:00 PM PST

TCG spec to be foundation of storage encryption

by Jon Oltsik

Update at 7 a.m. PST January 30: Clarification made in the final paragraph.

Every day it seems like there is a new and significant data breach in the news. In fact, organizations like ChoicePoint, TJX, the Department of Veterans Affairs, or Heartland Payment Systems have become poster children for the sorry state of information assurance.

Recognizing the risks to sensitive data, many companies have implemented full-disk encryption software from companies like PGP, PointSec, SafeBoot, and Utimaco. Still, this means purchasing, deploying, and managing add-on software on lots of PCs--a cumbersome operational task. For a number of years, I've been writing about a superior alternative, hard drive-based encryption. Fitted with self-encrypting drives, PC-based disks are encrypted from the get-go. What's more, disk-based encryption is more secure than add-on software with virtually no impact on system performance.

So why haven't PCs with encrypting hard drives become a de facto standard? Users were afraid of proprietary hardware implementations and a lack of software management support. These were valid concerns--until now. This week, the Trusted Computing Group (TCG) announced the publication of three new standards for storage encryption. One is for PC hard drives (aka Opal), one is for enterprise hard drives (aka the Enterprise Security Subsystem Class Specification), and one is for secure interoperability with other storage standards like SCSI and ATA. All of the large hard drive vendors, including Fujitsu, Hitachi, Seagate, and Toshiba, will deliver hard drives that support these standards, and management software vendors like Secude, Wave Systems, and WinMagic are also on board. Others will surely follow.

What do these new TCG standards mean?

  1. Software encryption is all but dead. Soon, most business laptops will be offered with encrypting hard drives at a nominal premium over a standard system. Heck, Dell already has about 12 models available. In three to five years, every disk drive may be encryption-enabled as it rolls off the production line. Encryption software fades away--quickly.

  2. CIOs and purchasing managers need to develop a plan. Many IT and security managers have no idea that TCG even exists, but this is no longer acceptable. Since laptops and desktop PCs will come with encryption "baked in," it is incumbent upon IT and endpoint management and security teams to create a plan for phasing in systems with self-encrypting drives and phase out encryption software over time.

  3. Expect encrypting drives in enterprise arrays. This will take a bit more time, as demand for array-based encryption isn't nearly as high. Nevertheless, every storage system produced by EMC, Fujitsu, Hitachi, HP, and IBM may eventually follow this path.

  4. Federal endpoint security initiatives must shift direction. I'm thinking specifically about the Federal Desktop Core Configuration effort and the Data at Rest SmartBuy program. Each of these efforts should be updated to emphasize disk-based encryption over software. The National Institute of Standards, the National Security Agency, and the U.S. General Service Administration must lead the effort to qualify, certify, and build procurement tools for self-encrypting drive technologies soon.

There is a common IT evolution where hardware replaces software in order to offload processing, enhance performance, and lower overall system costs. This cycle is exactly what is happening here, and there is no turning back. My suggestion is that IT and security decision-makers come to terms with this ASAP. Your long-term information assurance strategy may depend on this.
