The Year Of The Crypto Bug

I am going to name 2014 as the Year Of The Crypto Bug.

Does it seem to you that this year or so has revealed more than its share of cryptography oopsies?  It does to me.  So I started looking at what was found this year.  In some sense, this is good news, but in another sense, how many more have not been found yet?

I haven’t looked at history, so maybe this is normal.  MAYBE, this is the year of the crypto bug.

Many of the bugs listed below are major – like 10 out of 10 – kind of bugs and many are also ones that you don’t have the ability to patch.

  • Microsoft SChannel – SChannel is part of Microsoft’s implementation of SSL and TLS, which we all use for shopping and banking.  The bug patch was rated critical; Microsoft said that a remote, unauthenticated attacker could execute arbitrary code.  The bug, nicknamed Winshock, had been around for 19 years.
  • Heartbleed – The Heartbleed bug got a lot of attention in the press when it was first announced.  Heartbleed affected OpenSSL, again attacking the security that we use for banking and shopping, but it also affects the “Internet of Things” like web cams, alarm systems, elevators and HVAC controllers.  Many of these use OpenSSL because it is free.  Worse yet, when was the last time you patched your refrigerator?  So, it is likely that this bug will persist for years if not decades.  Some people rated this an 11 on a 1 to 10 scale.
  • POODLE – POODLE is another attack on SSL – that old staple.  In this case, really old.  It is an attack that allows an attacker to convince a site to use an 18-year-old version of SSL, which has some security weaknesses.  The solution is to get rid of this version of SSL, which Firefox did several weeks ago, Google will do this month and Microsoft will do in a couple of months.
  • Son of POODLE – This new variant of the POODLE attack above is more effective than the original one.  It does not require you to force the browser or web site to use an obsolete version of SSL – it works fine with TLS – and it is far simpler to accomplish.  A number of high-profile web sites fall victim to this bug.  The linked article has a pointer to Qualys’ free test to see if your site is vulnerable.
  • Whatsapp – This is really more of a design flaw than a bug, but it still puts content at risk.  According to some researchers in Utrecht, Netherlands, the Whatsapp development team made some decisions that weaken the protections offered by the encryption they provide.  They said that you should assume all messages are compromised (which is a bit strong in my opinion).  On the other hand, the CEO of Whatsapp said the story is overblown and don’t worry your pretty little heads.  One might conclude that they knew their crypto was weak and chose not to fix it or weakened it on purpose for nefarious reasons.
  • Mozilla NSS Crypto Library – This bug allows a hacker to fake or forge SSL certificates, allowing an attacker to create a website that looks real down to the SSL padlock.  Intel called this the BERserk attack because it compromises the Basic Encoding Rules of the protocol.  Cute.
  • Apple Triple Handshake – This bug, affecting iOS 7.1 and earlier for phones and OS X 10.8 and 10.9 on Macs, allows an attacker to reuse credentials that you have already used to authenticate yourself to, say, your bank.  This requires that the attacker be able to eavesdrop in the middle of your conversation, like at a public WiFi.  Doing anything sensitive on a public WiFi is not a good idea anyway, so this just reinforces it.
  • Apple GoTo Fail bug – This bug, which also affected a variety of Mac OS X and iOS versions, allowed an attacker to present a fake encryption key which the Apple OSes accepted because of a bug.  This would allow the attacker to decrypt ALL traffic.  Apple took a lot of heat about the way they handled this particular bug.  This bug was named the GoTo Fail bug because it was caused by a developer adding 9 extra characters (GoTo Fail) in a module.  This points out that while some bugs are very difficult to detect, a simple code review by someone other than the developer would have likely found this bug before it was released.
  • GnuTLS bug – This bug, like the OpenSSL crypto bug, will be found on millions of computers (it is used by several distributions of Linux like Ubuntu, Red Hat and Debian).  The bug allows an attacker to easily bypass the SSL or TLS encryption on web sites.  Again, this software is used in lots of “Internet of Things” kind of devices like web cams and alarm systems.
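To make the GoTo Fail point concrete, here is an added example (my own model, not Apple’s code) of what those extra characters do.  The handshake step names (step_hash_init, step_hash_update, step_hash_final), the sample hash values, and the small review helper are all hypothetical and constructed for this illustration; only the shape of the bug – a duplicated “goto fail;” that unconditionally skips the final signature comparison while the error code still says “success” – mirrors the real one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data (not from any real handshake): the hash that the
 * server's signature is supposed to cover, and a bogus value an attacker might
 * present instead. */
#define HASH_LEN 4
static const unsigned char EXPECTED_HASH[HASH_LEN] = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char BAD_HASH[HASH_LEN]      = {0x00, 0x00, 0x00, 0x00};

/* Hypothetical handshake steps. Each returns 0 on success and non-zero on
 * error, the convention that makes the "goto fail" chain idiomatic. */
static int step_hash_init(void)   { return 0; }
static int step_hash_update(void) { return 0; }

/* The only step that actually decides whether the signature verifies. */
static int step_hash_final(const unsigned char *presented, size_t len) {
    if (len != HASH_LEN || memcmp(presented, EXPECTED_HASH, HASH_LEN) != 0)
        return -1;   /* mismatch: signature does not verify */
    return 0;
}

/* The buggy shape: one stray "goto fail;" sits outside any if-body. The
 * indentation makes it look conditional, but C ignores indentation, so the
 * jump is unconditional and happens while err is still 0. The final
 * comparison is never reached, and the function reports "verified" for ANY
 * presented value. */
int verify_vulnerable(const unsigned char *presented, size_t len) {
    int err;
    if ((err = step_hash_init()) != 0)
        goto fail;
    if ((err = step_hash_update()) != 0)
        goto fail;
        goto fail;   /* the duplicated line; everything below is dead code */
    if ((err = step_hash_final(presented, len)) != 0)
        goto fail;
fail:
    return err;      /* 0 means "signature OK" */
}

/* Corrected form: the duplicate removed, so step_hash_final always runs. */
int verify_fixed(const unsigned char *presented, size_t len) {
    int err;
    if ((err = step_hash_init()) != 0)
        goto fail;
    if ((err = step_hash_update()) != 0)
        goto fail;
    if ((err = step_hash_final(presented, len)) != 0)
        goto fail;
fail:
    return err;
}

/* A crude review aid: count adjacent lines that both read "goto fail;" after
 * leading whitespace is stripped. This is the kind of mechanical check a
 * second reviewer or a linter performs; it ignores everything else. */
int count_adjacent_goto_fail(const char *src) {
    int count = 0, prev_was_goto = 0;
    const char *p = src;
    while (*p) {
        const char *line_end = strchr(p, '\n');
        size_t len = line_end ? (size_t)(line_end - p) : strlen(p);
        const char *s = p;
        size_t n = len;
        while (n > 0 && (*s == ' ' || *s == '\t')) { s++; n--; }
        int is_goto = (n == 10 && memcmp(s, "goto fail;", 10) == 0);
        if (is_goto && prev_was_goto)
            count++;
        prev_was_goto = is_goto;
        if (!line_end)
            break;
        p = line_end + 1;
    }
    return count;
}

/* Constructed source snippet in the buggy shape, for the review helper. */
static const char SAMPLE_SRC[] =
    "    if ((err = update()) != 0)\n"
    "        goto fail;\n"
    "        goto fail;\n"
    "    if ((err = final()) != 0)\n"
    "        goto fail;\n";

int main(void) {
    printf("vulnerable, bad hash:  %d (0 = accepted)\n", verify_vulnerable(BAD_HASH, HASH_LEN));
    printf("fixed, bad hash:       %d\n", verify_fixed(BAD_HASH, HASH_LEN));
    printf("fixed, expected hash:  %d\n", verify_fixed(EXPECTED_HASH, HASH_LEN));
    printf("adjacent goto fail lines in sample: %d\n", count_adjacent_goto_fail(SAMPLE_SRC));
    return 0;
}
```

Two things worth noticing.  First, the bug is invisible at runtime for honest peers: verify_vulnerable still returns 0 for the genuine hash, so normal testing passes.  Second, it is not invisible to tooling: compiling verify_vulnerable with clang’s -Wunreachable-code flags the dead comparison, and a reviewer diffing the two functions sees the stray line immediately, which is exactly the author’s point about a second pair of eyes.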