Archives for Security Research

Sliding Right attack (Libgcrypt) Allows Recovery of RSA-1024 Keys

A full key recovery for RSA-1024, and conceivably RSA-2048, might be possible according to an academic paper released last week. The paper, titled “Sliding right into disaster: Left-to-right sliding windows leak”, describes a flaw (CVE-2017-7526) in the cryptographic library Libgcrypt that makes it prone to a local side-channel attack.

According to AO Kaspersky Lab, Libgcrypt, a general-purpose cryptographic library originally based on code from GnuPG that provides functions for all cryptographic building blocks, uses left-to-right sliding-window exponentiation. This method, although common in cryptographic implementations for computing modular powers, leaks a fraction of the exponent bits in the process. Although it had been assumed that the number of leaked bits would not be enough to carry out a full key-recovery attack against RSA, the researchers explained that Libgcrypt’s use of left-to-right sliding windows “leaks significantly more information about exponent bits than for right-to-left.”

The researchers used a Flush+Reload cache-timing attack on Libgcrypt’s exponentiation routine to break the library’s implementation of RSA-1024. Flush+Reload attacks, first described in 2014 by one of the paper’s authors together with a colleague at the University of Adelaide, target a weakness in Intel x86 processors and had previously been used to harvest private encryption keys from programs running GnuPG 1.4.13.

In the paper, the researchers first monitored shared memory locations for access and over time built up a trace of accesses to the monitored locations. When the traces were analysed, the researchers were able to detect complete square-and-multiply sequences, which were in turn used to recover the key.
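A toy model of the mechanism described above, and of the fixed-window alternative mentioned later in this article, as an added example that is not code from the paper or from Libgcrypt. The function names, the 4-bit window and the small modulus are this example's own choices; it shows why the square-and-multiply sequence of a left-to-right sliding-window routine gives away exponent bits while a fixed-window routine produces the same sequence for every exponent of a given length.

```python
# Added toy model (not from the paper or Libgcrypt). Each routine returns the modular
# result plus its operation sequence, 'S' = square, 'M' = multiply. Bit index 0 = MSB.
def l2r_sliding_window(base, exp, mod, w=4):
    """Left-to-right sliding windows, as in Libgcrypt: up to w bits per window, ending in a 1."""
    bits, n = bin(exp)[2:], exp.bit_length()
    sq, table, cur = base * base % mod, {}, base % mod
    for k in range(1, 1 << w, 2):            # odd powers base^1, base^3, ..., base^(2^w - 1)
        table[k], cur = cur, cur * sq % mod
    result, trace, i = 1, [], 0
    while i < n:
        if bits[i] == '0':                   # a 0 bit outside a window: one square, no multiply
            result, i = result * result % mod, i + 1
            trace.append('S')
            continue
        j = min(i + w, n)                    # window bits[i:j], shrunk until it ends in a 1
        while bits[j - 1] == '0':
            j -= 1
        for _ in range(j - i):
            result = result * result % mod
            trace.append('S')
        result = result * table[int(bits[i:j], 2)] % mod
        trace.append('M')
        i = j
    return result, ''.join(trace)

def fixed_window(base, exp, mod, w=4):
    """Fixed windows: w squares then one multiply per w-bit digit, even when the digit is 0."""
    table = [pow(base, k, mod) for k in range(1 << w)]
    result, trace = 1, []
    for d in range(-(-exp.bit_length() // w) - 1, -1, -1):
        for _ in range(w):
            result = result * result % mod
            trace.append('S')
        result = result * table[(exp >> (d * w)) & ((1 << w) - 1)] % mod
        trace.append('M')
    return result, ''.join(trace)

def bits_readable_from_trace(trace, w=4):
    """Bits a sliding trace gives away: each 'M' ends a window on a 1; squares beyond w before it were 0s."""
    known, pos, run = {}, 0, 0
    for op in trace:
        if op == 'S':
            pos, run = pos + 1, run + 1
        else:
            known[pos - 1] = 1
            for k in range(run - w):         # more than w squares: the extra leading bits were 0
                known[pos - run + k] = 0
            run = 0
    return known
```

The fixed-window trace depends only on the exponent's bit length; a production implementation must also fetch the table entry without secret-dependent memory accesses, which this toy does not attempt.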

The attack also proved effective against 13 percent of RSA-2048 keys. The researchers implied that a tweak, along with enough time and computational power, would allow recovery of RSA-2048 keys just as easily.

Werner Koch, author and primary developer of GnuPG, wrote that there are easier ways than the method explained in the paper to access private keys, especially as the proposed scenario requires execute access on the hardware where the private RSA key is used, which already amounts to a compromise. However, he also admitted that it can be used on hardware running multiple VMs, as software running on one VM could use the attack to compromise private keys stored on another.

The authors contacted the library’s developers while writing the paper and reported that the developers refused to push patches that use fixed windows instead of sliding windows, deeming them unnecessary. However, Koch announced on Thursday that the GnuPG Project would address CVE-2017-7526 in version 1.7.8.

Patches to stop the attack soon followed on Friday, with SUSE Linux the first to resolve the issue in versions 1.6.1, 1.5.0, and 1.2.2. Debian developers prompted users to upgrade the vulnerable packages, pushing patches to prevent possible compromise. A security engineer for Ubuntu informed users of the issue, and the update containing the fix was released on Monday.

The paper, authored by eight academics (Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom) from Technische Universiteit Eindhoven in the Netherlands, the University of Illinois, the University of Pennsylvania, the University of Maryland, and the University of Adelaide, is scheduled to be presented in September at the Conference on Cryptographic Hardware and Embedded Systems in Taiwan.


PLATINUM malware steals data using Intel’s Active Management Technology (AMT), bypassing Windows Firewall

Microsoft published an article about the exploitation of Intel’s AMT tools to steal government data for espionage purposes. The hack works independently of the operating system and can currently bypass any Windows firewall. The malware has been active since at least 2009 and is primarily responsible for spear-phishing attacks on ISPs, government organizations, intelligence agencies, […]

“Doxware”: Evolution of Ransomware, a new form of malware threat for 2017

As security controls and defense measures for computer systems become more sophisticated, cyber criminals have taken one step ahead in the world of ransomware. The most profitable ransomware attacks have taken a leap with doxing. What is doxware? “Ransomware is the art of encrypting data on a network, a user's PC or Mac and asking for […]

First Mac malware of 2017, Quimitchin/Fruitfly, discovered targeting biomedical research centers

Security researchers from Malwarebytes have identified strange traffic originating from a Mac. The unusual traffic was noticed by IT admins, and investigation led to espionage malware described as Quimitchin (Apple calls it ‘Fruitfly’). The malware appears to have existed for a while and gone undetected for quite a long time. One of the timestamps […]

WhatsApp vulnerability is real and Facebook’s claim of end-to-end encryption doesn’t hold

After the Guardian’s post on the WhatsApp vulnerability was published early last week, security experts from all over the world have been discussing the validity of this vulnerability and the intentions behind it. Facebook, contradicting the Guardian, denied that this is a vulnerability and described the intention behind it as a design decision. However, some of the most respected security […]

Approx. 68 million Dropbox accounts available to download by anyone worldwide

During the month of August, Motherboard, a prominent online magazine, released a report that more than 60 million account details had been stolen from the cloud storage provider Dropbox. However, now approximately 68 million Dropbox accounts are available to download by anyone (exact number as published on IBTimes: 68,680,741 accounts). During the month of September, […]

WhatsApp, aka Facebook, was sued in India by two college students over privacy concerns

After the recent changes to the privacy policy on WhatsApp, people around the world feel betrayed by Facebook’s decision. To challenge this, two students from India have filed a legal challenge against Facebook to roll back the changes to the WhatsApp policy, which threaten the rights of millions of users in India. The […]

Steps to Change your WhatsApp Settings before Facebook Begins Sharing Data – Android & iPhone

From the first time you see the privacy policy update screen on WhatsApp (both iPhone and Android phones), you have 30 days to click through and agree or not agree to Facebook using your WhatsApp data to suggest friends and serve ads, hampering your experience. We highly recommend following the steps below to help prevent privacy invasion by […]

Windows 10 – Evil to the Core for Privacy and Pain for the Users

Last evening I left my desktop running the whole night on a Photoshop job. This morning my desktop was showing a “blue screen of death” with a message and a hung desktop: “Your PC ran into a problem and needs to restart, we’re just collecting some error info, and then we’ll restart for you.” Microsoft […]

YiSpecter malware can infect non-jailbroken iOS devices

Palo Alto Networks has detected malware capable of attacking even non-jailbroken iOS devices. The researchers have named the malware YiSpecter. It follows unique methods that involve exploiting private APIs in iOS to infect devices. Private APIs are undocumented by Apple and therefore avoid detection. Apple’s App Store has around 100 such […]