Four Questions For: Jean-Philippe Aumasson

Long term, who wins: the cryptographers or the code breakers?
Nobody breaks codes anymore, strictly speaking. When you hear about broken crypto, it’s most of the time about bugs in the implementation or about the use of insecure algorithms. For example, the DROWN attack that just won the Pwnie Award of the Best Cryptographic Attack at Black Hat USA exploits weaknesses in: 1) a protocol already known to be shaky, and 2) an algorithm already known to be insecure. So we’ve got unbreakable crypto, we just need to learn how to use it.
What innovations in cybersecurity should companies implement today?
The hot topic in my field is end-to-end encryption, or encryption all the way from the sender’s device to the recipient’s device. This is therefore the strongest form of encryption. WhatsApp and Facebook recently integrated end-to-end encryption in their messaging platforms for the benefit of their users’ privacy. Enterprise encryption software lags behind, however, with encryption solutions that often expose the unencrypted data to an intermediate server. That’s acceptable, for example, for compliance or controllability reasons, but otherwise you should make sure that you use end-to-end encryption to protect sensitive information, such as VoIP phone calls (telecommunication standards, including the latest LTE, are not end-to-end encrypted).
What are the implications of mobile technology and wearables in personal security?
Companies creating those products often neglect security and privacy concerns to save cost (or through ignorance) while security experts tend to exaggerate these concerns. We’ll have to find a middle ground between the needs and expectations of users and regulations. Meanwhile, the lack of security in IoT systems creates great opportunities for conference talks and marketing FUD.
In the Internet of things, is everything hackable, and if so, will someone hack all the pacemakers some day and turn them off?
The “everything is hackable” mantra is actually less scary than it sounds. Literally everything is hackable: from your refrigerator’s micro controller to your mobile phone, as long as you put enough effort in it. One shouldn’t think in terms of mere possibility but instead in terms of risk and economic interests: if I spend X days and Y dollars to hack a pacemaker, will my profit be worth the X-day and $Y investment? A secure pacemaker is obviously better than an insecure one, but the scenario you describe is unlikely to happen; it would just make a great movie plot.
Jean Philippe Aumasson
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, and holds a PhD in applied cryptography from EPFL. Switzerland. He has talked at top-tier information security conferences such as Black Hat, DEFCON, and RSA about applications of cryptography and quantum technologies. He designed the popular cryptographic algorithms BLAKE2 and SipHash, and organized the Password Hashing Competition project. He wrote the 2015 book “The Hash Function BLAKE”, and is currently writing a book on modern cryptography for a general audience. JP tweets as @veorq.

As FTC adds encryption to its website, government remains unsure on corporate use

The Federal Trade Commission’s website just got a whole lot safer for people to peruse after the government agency said Friday that it now supports HTTPS encryption. While it used to provide secure transport for the parts of the website that dealt with sensitive information like complaint data and email subscriptions, this is the first time that secure browsing covers the entire site, the FTC said.

When a website is secured through the HTTPS communication protocol, all data passed between the site and the person who is accessing it will be encrypted through the use of either the SSL or TLS encryption protocols. Basically, the person’s browser initiates communication with the locked-down website and through the exchanging of encryption keys, all information should be scrambled from prying eyes.

In theory, this process works fine, but as the latest FREAK bug demonstrates, there can be some holes in the system, especially if the browsers or devices in questions use ineffective security protocols to speak to websites. In the case of FREAK, Android browsers using the OpenSSL protocol, Safari browsers using the Apple TLS/SSL protocol and now all supported versions of Windows that use the Schannel security package (sorry IE users) are vulnerable to hackers who can essentially weaken the encryption that takes place.

Still, many sites use HTTPS as it is one of the most common tools to prevent eavesdroppers from snooping into website sessions. In the case of the FTC, it may seem like a no-brainer to add encryption, but the U.S. government hasn’t always showed support with encryption technology, especially when it comes to tech companies and mobile-device makers who use the tech to mask data.

Both the U.S. and U.K. governments have made it clear they feel that companies using encrypted communications can impede government investigations and even the Chinese government has jumped on the bandwagon with a proposed law that would require tech companies to hand over their encryption keys.

Ironically, a leaked U.S. report on cyber threats explained that encryption technology is the “[b]est defense to protect data,” which shows that the U.S. government hasn’t quite made up its mind on where it sees encryption technology. If it protects consumers from spying eyes as in the case of the FTC website, then that’s great, but if the government perceives that the technology may prevent it from doing its job, it’s a no-go.

Either way, the corporate sector shows no signs of slowing down when it comes to developing new businesses around encryptions, with recent funding rounds for encryption-centric startups like CipherCloud and Ionic Security.

The U.S. government, as well, still has a long way to go. Many .gov domains like whitehouse.gov, the U.S. Department of Education, the U.S. Department of the Treasure and NASA’s website remain unencrypted. So expect this tug-of-war between the need to protect and the government’s need to scan encrypted company data in the case of investigations to continue.

Windows users are also vulnerable to FREAK snooping attacks

The “FREAK” vulnerability that downgrades and weakens secure web connections doesn’t just affect Google and Apple users — according to a security advisory from Microsoft, all supported versions of Windows are vulnerable too.

FREAK (Factoring attack on RSA-EXPORT Keys) is a recently discovered hangover from the early 90s, when the U.S. government banned the export of most software that used strong encryption. The SSL web security protocol was for that reason built with a special mode that uses key lengths considered weak today. The law was changed but the weak cipher suites remain, and although most modern browsers are supposed to avoid them like the plague, a widespread bug means they don’t always do that.

The FREAK flaw allows “man-in-the-middle” snoopers to downgrade a session’s security to that mode – as long as the browser is vulnerable and the server accepts those weak old cipher suites — then crack the keys and spy away.

When the flaw was publicized earlier this week, it was Apple’s Safari browser and the stock Android browser that were on the firing line for being vulnerable, endangering those users who communicate with servers that accept “export-grade” encryption – apparently a whopping third of servers with browser-trusted certificates. But it turns out the list of affected browsers and systems is way longer than that.

The big one is Windows. In pretty much every version of Windows that’s out there, Internet Explorer and whatever else uses the Schannel security package are vulnerable to the FREAK attack.

In its advisory, Microsoft said:

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Per the researchers who brought this all to our attention, here’s the current list of browsers that need patching:

  • Internet Explorer
  • Chrome on OS X (patch available)
  • Chrome on Android
  • Safari on OS X (patch expected next week)
  • Safari on iOS (patch expected next week)
  • Stock Android browser
  • BlackBerry browser
  • Opera on OS X
  • Opera on Linux

As a Firefox user, I’m feeling slightly smug this week — the researchers’ FREAK test tool just gave my browser a clean bill of health, and told me my never-used IE installation is vulnerable. Not too smug though, given the impact on other Windows software.

Good thing the anti-strong-encryption nonsense that caused this mess is a relic of past decades, eh? Oh wait…

Decade-old FREAK bug leaves Google and Apple device users vulnerable

A team of security researchers unearthed a decade-old vulnerability called the FREAK (Factoring attack on RSA-EXPORT Keys) attack, which impacts Google and Apple device users who may have visited websites, including Whitehouse.gov and NSA.gov, according to a Washington Post report. One of the researchers who spotted the vulnerability told the Post that “Of the 14 million Web sites worldwide that offer encryption, more than 5 million remained vulnerable as of Tuesday morning.”

According to Matthew Green, a cryptographer and research professor at Johns Hopkins University who has been looking into the flaw, the security researchers found serious vulnerabilities in the security protocols used by the Safari browser and the browser found in Android devices. These protocols are used to encrypt data through secure network connections between websites and browsers.

Even though the Android browser in question uses the OpenSSL protocol and Safari uses the Apple TLS/SSL protocols, both protocols are similarly affected and a hacker taking advantage of the bug can “downgrade connections from ‘strong’ RSA to ‘export-grade’ RSA,” Green wrote. This basically means that a hacker can infiltrate the connection between the browsers and websites and weaken the encryption that occurs. When this happens, a hacker can supposedly decrypt the data and obtain the information that was supposed to be secure.

While the bug clearly affects a lot of users, Forbes is reporting that actually pulling off the hack requires a lot of work, and it’s more likely that hackers would attempt another kind of attack.

From Forbes:
[blockquote person=”Forbes” attribution=”Forbes”]This all sounds scary, but in reality, there are easier attack methods for snoops or criminals to spy on your online lives. For starters, a FREAKy hacker will have to find a target using a vulnerable PC, phone or tablet, and hope they use the affected sites. They’ll also have to be on the same network, though the NSA, GCHQ and myriad other intelligence agencies have access to much of the world’s internet, so would easily be able to carry out such an attack, as long as the other criteria were met.[/blockquote]

What’s interesting is that the reason why there is weaker encryption in the first place has to do with U.S. government policy “that once forbid the export of strong encryption” and instead called for products shipped to other countries to come equipped with weak encryption, the Post reported. Although the policy is supposedly no longer in effect, the damage has been done and “weaker encryption got baked into widely used software that proliferated around the world and back into the United States.”

While Google’s Chrome browser is not affected by the vulnerability, the browser found in the majority of Android devices are, and an Apple spokeswoman told the Post that the company will be issuing a security patch that should fix both Apple computers and mobile devices.

Encryption has been a hot topic as of late as China just unveiled a new counterterrorism law that would require tech companies to hand over their encryption keys if the Chinese government calls for it. Both the U.S. and the U.K. have also let it be known that encryption hampers a government’s ability to perform investigations and if companies use the tech, they should be prepared to turn over the encryption keys.

Scientists create quantum entanglement on a silicon chip

A team of scientists has figured out a way for a standard silicon chip to tackle quantum entanglement — a phenomenon in which multiple particles are connected to each other and act in uniform, regardless of how far apart they are. The scientists’ findings were detailed on Monday in a research paper published in Optica, a monthly journal by The Optical Society (OSA).

So far, harnessing the power of quantum entanglement onto silicon chips has proven to be a difficult task because of the large size of the devices used to emit entangled photons; photons are essentially the particles that make up light. Creating silicon chips — which are inexpensive and prevalent compared to specialized entanglement equipment — that can handle quantum entanglement is a big deal in that it can allow for more powerful computer chips and better encryption technology.

The researchers of Università degli Studi di Pavia in Italy have come up with a way to solve this problem by creating a microscopic device that can supposedly fit onto a silicon chip and produce entangled photons.

The researchers paired a silicon wafer with what’s known as a ring resonator — a closed loop that photons enter on one side via a laser beam. They emerge entangled on the other side, where they are captured.

According to the research paper, the team of scientists was able to “demonstrate that silicon ring resonators in a silicon-on-insulator platform are an efficient source of time-energy entangled photon pairs.”

From the research paper:
[blockquote person=”” attribution=””]We can confidently expect that silicon mircoring resonators will become the dominant paradigm of correlated photon sources for quantum photonics, both for applications involving the transmission of quantum correlations over long distances, such as quantum cryptography, and for applications involving quantum information processing “on-a-chip.”[/blockquote]

Quantum entanglement can be very useful to the field of security and can help with encrypting messages. GridCOM Technologies, for example, explained to Gigaom in 2013 that it uses quantum entangled photons to generate encryption keys.

Any time someone tries to measure an entangled photon to learn what it may have encrypted, the GridCOM system is automatically pinged because of the way the photons are connected; each entangled particle affects the other and when one particle exists in a state where it is spinning up, its correlated particle will take on a state where it is spinning down.

Leaked US report says encryption “best defense” to protect data

A newly leaked document courtesy of Edward Snowden revealed that some U.S. officials are encouraging the use of encryption as a means to protect data, which contrasts with British Prime Minister David Cameron’s recent statements against encrypted communications, according to a report by The Guardian.

The 2009 document penned by the U.S. National Intelligence Council, which supports the U.S. Director of National Intelligence and acts as the middleman between the intelligence and policy communities, explained that companies and the government are prone to attacks by nation-states and criminal syndicates “due to the slower than expected adoption…of encryption and other technologies.”

The report detailed a five-year prognosis on the “global cyber threat to the US information infrastructure” and stated that encryption technology is the “[b]est defense to protect data.” Encryption makes it possible for documents and messages to be unreadable to people who don’t have the appropriate cryptographic key.

The authors of the document also encouraged the use of multi-factor authentication, which adds another step to the security process beyond simply entering a password; [company]Microsoft[/company] added this feature to its Azure cloud in 2013.

British Prime Minister David Cameron has made it clear that he does not support encryption in the case that the technology could hamper government or law enforcement investigations, and he’s reportedly set to egg on President Barack Obama to support his cause.

Both Attorney General Eric Holder and FBI Director James Comey have also been vocal against aspects of encryption technology that they feel lets criminals conceal their nefarious activities.

Encryption is no doubt a hot topic in the security space with the recent Sony hacking and the subsequent leaking of countless corporate documents taking a toll on the entertainment company.

Companies have been pushing for better encryption technology to secure what they deem are confidential files, and there’s been a wave of security startups focussing on encryption scoring millions of dollars in investment in recent months.

Veradocs and CipherCloud landed $14 million and $50 million respectively in November and Ionic Security just brought in $40.1 million this week.

Despite political push back, it’s clear that companies won’t slow down on implementing encryption any time soon, so long as large-scale data breaches continue to occur on a seemingly weekly basis.

Researchers slam Telegram app’s “visual fingerprint” security

Security researchers Alex Rad and Juliano Rizzo claim to have discovered significant weaknesses in the Telegram secure messaging app, mainly to do with the “visual fingerprint” that correspondents must use to ensure the security of an end-to-end encrypted conversation.

Telegram chats are not end-to-end secure by default, and when users want to set up a fully secure chat they need to compare these visual fingerprints — derived from the shared secret key for the conversation — to check that they see the same thing, so the shared key has not been tampered with.

Telegram visual fingerprint

Telegram visual fingerprint

The biggest problem they highlighted in a Friday blog post was a simple one: As users don’t tend to be standing next to one another, the easiest thing for them to do is share screenshots of the fingerprint through the not-yet-properly-secret conversation – which a man-in-the-middle (MITM) attacker could “auto-replace.” Sharing them via MMS could also cause problems, due to the vulnerability of that channel.

Even if the users don’t make such mistakes, the researchers argued, a very well-resourced “super villain” – as in, one with tens of millions of dollars to spend, or a botnet or supercomputer under its control — might be able to spoof the visual fingerprint. However, Telegram responded on Twitter to say they got their numbers wrong, and this would be prohibitively expensive…

… and also argued that the researchers were wrong to say that social engineering would be able to make the calculation of the fingerprint more manageable.

Rizzo shot back:

Rad and Rizzo also criticized Telegram for using SMS as a user authentication mechanism, as “SMS can be sniffed and cracked, targets can be connected to false base stations, and carriers can be compromised.” This would obviously also affect those using MMS mechanisms to compare visual fingerprints.

The researchers called on Telegram to make all chats end-to-end encrypted by default, switch from per-chat authentication to proper public key cryptography (as used by the likes of OTR, Threema and TextSecure), and introduce a new user authentication scheme.

“Finally, to honor privacy, Telegram must enable communications decoupled from the requirement for address books and a phone number so that people can use Telegram anonymously, which is not currently possible,” they added.

Berlin-based Telegram sent me a statement in response to the blog post, noting in response to the “super villain” attack theory that — on top of the $1 trillion issue — “people usually contact support if a secret chat takes more than a few seconds to be created — and here it would have to take 30 days”. The statement continued:

In terms of comparing key visualizations, pretty much any way of remote identity verification (like sending screenshots) poses similar problems, including public keys suggested in the post. A secure independent channel is required — personal communication being, naturally, the only truly secure option.

As for the possible login SMS interception — it does not affect secret chats. For additional protection of cloud chats, we’ve been working for the last two months on introducing cloud passwords for users who are concerned about the safety of their SIM — that work is nearing conclusion.

On the whole, we’re glad that Telegram’s open structure, code and documentation makes it possible for researchers to contribute and suggest solutions. We’re grateful for each comment of this kind, regardless of whether it describes a realistic attack or not.

This article was updated at 5am PT to note that the insecure channel for sharing visual fingerprints would be MMS, not SMS, and again at 5.30am PT to note Telegram’s statement. It was also amended at 11.40pm PT to remove my erroneous assertion that TextSecure is known as Signal on iOS — the apps are made by the same people and the idea is for TextSecure-compatible messaging to be added to Signal, but for now Signal is only a secure voice app, equivalent to Redphone on Android.