Author: Dan Goodin

Enlarge (credit: Ron Amadeo)

There’s a new round of Stagefright vulnerabilities that allows attackers to execute malicious code on more than one billion phones running ancient as well as much more recent versions of Google’s Android operating system.

Stagefright 2.0, as it’s being dubbed by researchers from security firm Zimperium, is a set of two bugs that are triggered when processing specially designed MP3 audio or MP4 video files. The first flaw, which is found in the libutils library and is indexed as CVE-2015-6602, resides in every Android version since 1.0, which was released in 2008. The vulnerability can be exploited even on newer devices with beefed up defenses by exploiting a second vulnerability in libstagefright, a code library Android uses to process media files. Google still hasn’t issued a CVE index number for this second bug.

When combined, the flaws allow attackers to used booby-trapped audio or video files to execute malicious code on phones running Android 5.0 or later. Devices running 5.0 or earlier can be similarly exploited when they use the vulnerable function inside libutils, a condition that depends on what third-party apps are installed and what functionality came preloaded on the phone. In a blog post published Thursday, Zimperium researchers wrote:

Enlarge

Microsoft said a highly suspicious Windows update that was delivered to customers around the world was the result of a test that wasn’t correctly implemented.

“We incorrectly published a test update and are in the process of removing it,” a Microsoft spokesperson wrote in an e-mail to Ars. The message included no other information.

The explanation came more than 12 hours after people around the world began receiving the software bulletin through the official Windows Update, raising widespread speculation that Microsoft’s automatic patching mechanism was broken or, worse, had been compromised to attack end users. Fortunately, now that Microsoft has finally weighed in, that worst-case scenario can be ruled out. What follows is the remainder of this post as it appeared before the company issued its explanation.

An Obama Administration working group considered four backdoors that tech companies could adopt to allow government investigators to decipher encrypted communications stored on phones of suspected terrorists or criminals, according to a news article published Thursday by The Washington Post. Ultimately, the group rejected each one out of concern that they were too controversial.

Citing a draft memo from the group, reporters Andrea Peterson and Ellen Nakashima wrote:

The first potential solution called for providers to add a physical, encrypted port to their devices. Companies would maintain a separate set of keys to unlock devices, using that port only if law enforcement had physical access to a device and obtained a court order to compel the company’s assistance.

The necessary hardware changes could be costly for US manufacturers, but the physical access required by this method could limit some of the cybersecurity risks, the memo said.

The second approach would exploit companies’ automatic software updates. Under a court order, the company could insert spyware onto targeted customers’ phones or tablets—essentially hacking the device. However, the memo warned, this could “call into question the trustworthiness of established software update channels” and might lead some users to opt out of updates, which would eventually leave their devices less secure.

A third idea described splitting up encryption keys, a possibility floated by National Security Agency director Michael S. Rogers earlier this year. That would require companies to create a way to unlock encrypted content, but divide the key into several pieces—to be combined only under court order. Exactly how this would work remains unclear, but the memo warned that such a system would be “complex to implement and maintain.”

Under the final approach, which officials called a “forced backup,” companies under court order would be required to upload data stored on an encrypted device to an unencrypted location. But this might put significant constraints on companies, the memo noted, saying it would require that they design new backup channels or “substantially” modify existing systems.

The approaches were part of a months-long government discussion on how best to deal with the growing inability of government investigators to monitor communications of suspects, a phenomenon the FBI refers to as “going dark.” While officials say they remain concerned, they said they had no intention of moving forward with any of the four approaches. “Rather than sparking more discussion, government-proposed technical approaches would almost certainly be perceived as proposals to introduce ‘backdoors’ or vulnerabilities in technology products and services and increase tensions rather [than] build cooperation,” the memo said.

According to a security researcher for Linux distributer Red Hat, network hardware sold by several manufacturers failed to properly implement a widely used cryptographic standard, a data-leaking shortcoming that can allow adversaries to impersonate HTTPS-protected websites using the faulty equipment.

A nine-month scan that queried billions of HTTPS sessions from millions of IP addresses was able to obtain leaked data for 272 keys, reports Red Hat security researcher Florian Weimer in a research paper published this week. Because the scan surveyed only a very small percentage of the overall number of transport layer security protocol handshakes, many more keys and manufacturers are likely to be affected by the leakage. Vulnerable hardware includes load balancers from Citrix as well as devices from Hillstone Networks, Alteon/Nortel, Viprinet, QNO, ZyXEL, BEJY, and Fortinet.

The results of Weimer’s nine-month scan.

Florian Weimer

Enter Chinese Remainder Theorem

The leakage is the result of insecure implementations of the RSA public key cryptosystem, which is one of several that HTTPS-protected websites can use to exchange keys with visitors. A 1996 research paper by researcher Arjen Lenstra warned that an optimization based on what’s known as the Chinese Remainder Theorem sometimes causes faults to occur during the computation of an RSA signature. The errors cause HTTPS websites that use the perfect forward secrecy protocol to leak data that can be used to recover the site’s private key using what’s known as a side-channel attack.

The National Security Agency is advising US agencies and businesses to prepare for a time in the not-too-distant future when the cryptography protecting virtually all e-mail, medical and financial records, and online transactions is rendered obsolete by quantum computing.

Quantum computers have capabilities that can lay to ruin all of the public-key cryptographic systems currently in use. These capabilities, which aren’t known to be present in the classical computers of today, include the ability to almost instantly find the prime factors of extremely large numbers, using a method called Shor’s algorithm. Quantum computing is also believed to be capable of tackling other mathematical problems classical computers can’t solve quickly, including computing discrete logarithm mod primes and discrete logs over elliptic curves.

The difficulty of factoring and computing discrete log primes and elliptic curve discrete logs play an essential role in cryptographers’ confidence in RSA, elliptic curve cryptography, and other public-key crypto systems. When implemented correctly, most scientists and cryptographers believe that the crypto can’t be defeated with today’s computers before the end of the universe.

LAS VEGAS—Google and its Android partners on Wednesday started distributing a fix for a vulnerability that could cause millions of phones to execute malicious code when they’re sent a malformed text message or the user is lured to a malicious website.

The flaw in an Android code library known as Stagefright was disclosed last week, several months after security researchers privately reported it to engineers responsible for Google’s Android operating system. Google engineers, in turn, have introduced changes to the Android text messaging app Messenger. The changes mitigate the threat by requiring users to click on videos before playing them.

Google began pushing out the updated app and other unspecified safeguards to Nexus devices and will be releasing them in open source later in the day, once full vulnerability details are disclosed. Google already sent the fix to hardware partners, and according to the Android Police news site, both Sprint and Samsung have started pushing out the updates. Updated handsets include the Nexus 5 and Nexus 6, the Galaxy S5, S6, S6 Edge, and Note Edge, the HTC One M7, One M8, One M9; LG Electronics G2, G3, G4; Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact; and the Android One.