Reminder: Spies, cops don't need to crack WhatsApp. They'll just hack your smartphone

Police in Germany will forgo seeking decryption keys for secure messaging apps, like WhatsApp, and instead simply hack devices to snoop on suspects. Given the grumblings coming from Australia, the UK, and other Five Eyes states about encrypted messaging, we suspect these nations will follow suit – if they're not there already …

  1. Anonymous Coward
    Anonymous Coward

    What stops Apple and Google from buying a copy of this software?

    They can find out what bug is being exploited, and fix it. At least for iOS, the software would need to be updated constantly as the holes are patched with each release, and eventually they'll run out.

    Sure, the company may try to verify that the buyer is a legitimate law enforcement organization to avoid selling to others, but set up a front company in some far off place and it'll be difficult to verify one way or another...

    1. Adam 1

      Re: What stops Apple and Google from buying a copy of this software?

      As they very well should. It is their job to ensure that their software is secure, and to remedy any shortcomings that are discovered.

      Such software is hardly new. There are several malware frameworks which pull together C&C, keylogging, botnet herding, encryption/ransom, email relay etc. That is why these Wannacry style attacks can be launched so quickly. All they need to do is write the hook for the specific vulnerability they exploit. That the good* guys can use the same tools for good* is unsurprising.

      * Levels of good may vary from region to region.

    2. veti Silver badge

      Re: What stops Apple and Google from buying a copy of this software?

      The fact that it's not "for sale". It's developed by the likes of GCHQ or the NSA, and shared by them on a "maintain good relations" basis with those agencies they want to - well, maintain good relations with.

      It's not a matter of verifying the buyer, but the only people you would even consider "selling" to are those who are already in your address book, for unrelated reasons.

      1. Anonymous Coward
        Anonymous Coward

        Re: What stops Apple and Google from buying a copy of this software?

        The fact that it's not "for sale". It's developed by the likes of GCHQ or the NSA, and shared by them on a "maintain good relations" basis with those agencies they want to - well, maintain good relations with.

        That also explains why they're trying to blacklist Kaspersky all of a sudden: Kaspersky (a) has never played ball with authorities trying to get their spyware whitelisted, as a matter of principle, and (b) has a history of unearthing these things as they find them and (worse) making their findings public so the other AV companies have no choice but to act on it as well. Not that Kaspersky is the only company analysing nasties, but they're the only ones that the US is trying to boot for reasons that don't quite add up.

        1. Nattrash

          Re: What stops Apple and Google from buying a copy of this software?

          Although the new version of RCIS is newsworthy, again the rest is "news" with a considerable beard.

          After all, the use of such software by the German authorities (Staatstrojaner) was already news in 2011:

          https://www.heise.de/newsticker/meldung/Staatstrojaner-Eine-Spionagesoftware-unter-anderem-aus-Bayern-1358091.html

          And as for ways getting it on your device; many ways were mentioned back then, with officials "inspecting" your device being the top one. I guess the US border officials finally caught up?

          Furthermore, as also reported back in 2011, being a terrrrorrrrist suspect wasn't the only reason for a "drop". In 2011, reports described an employee of a pharma company as a target, to gather intel on the "sale and distribution of a not in Germany registered anesthetic".

          1. Anonymous Coward
            Anonymous Coward

            Re: What stops Apple and Google from buying a copy of this software?

            So if you ever have to hand your phone over to border control officials etc. you should enable parental lock so software can't be installed? They'd have a hard time arguing that you need to disable parental controls for them to 'inspect' it.

            1. Anonymous Coward
              Anonymous Coward

              Re: What stops Apple and Google from buying a copy of this software?

              So if you ever have to hand your phone over to border control officials etc. you should enable parental lock so software can't be installed? They'd have a hard time arguing that you need to disable parental controls for them to 'inspect' it.

              I like that idea :).

              There is a more thorough way on iOS: install a password protected restriction profile on the iPhone and they won't even be able to install fake certificates.

        2. hellwig

          Re: What stops Apple and Google from buying a copy of this software?

          That also explains why they're trying to blacklist Kaspersky all of a sudden

          Deny, Discredit, Destroy. That's the covert ops model.

  2. This post has been deleted by its author

  3. Adam 1

    > With government officials still struggling to convince the public of the need to give law enforcement the ability to decrypt

    I would support this if it was effective. That's unfortunately not how math works (even in Oz oh wise leader).

    In simple terms, asymmetric encryption works as follows. Use a key exchange (eg RSA or DH) to invent a shared secret that can be computed by both sender and receiver with (relatively) simple math. That secret is then used to encrypt the payload with a symmetric encryption (eg AES).

    So where does that leave government backdoors/lawful intercepts?

    Well you could ask Alice or Bob to kindly share the secret they came up with together with Eve. (Some) law abiding folk might agree to that but I'm skeptical that criminal Alice and criminal Bob will trouble themselves to do so.

    I guess you could not tell Alice Bob's real public key but the service provider's one, then have the service provider decrypt the messages and re-encrypt them with Bob's real public key. A few problems there. Firstly, the service provider becomes a honey pot to hackers or misbehaving staff. Secondly, if Alice and Bob ever meet then they can tell the public keys are different.

    I guess you could limit the key size or RNG in some way, but here in the tech world we call that weakening the encryption. There is just no way to do that so that your good guys can do it without equally enabling the bad guys.
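The scheme this comment describes (a key exchange to agree a secret, then symmetric encryption of the payload, and a provider that hands Alice its own key instead of Bob's so it can decrypt and re-encrypt in the middle) as an added worked example; this is not code from the comment thread or from any messaging product. The group parameters, the HMAC-based stream cipher standing in for AES, the key-directory model and the messages are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: real deployments use
# a 2048-bit+ finite-field group (e.g. RFC 7919 ffdhe2048) or an elliptic-curve group.
P = 2**31 - 1
G = 7


def dh_keypair():
    """Private exponent and public value g^priv mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_key(my_priv, their_pub):
    """Shared secret -> 32-byte symmetric key via HKDF (RFC 5869, one expand block) over SHA-256."""
    secret = pow(their_pub, my_priv, P).to_bytes(4, "big")
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()          # HKDF-Extract
    return hmac.new(prk, b"chat-v1" + b"\x01", hashlib.sha256).digest()    # HKDF-Expand, T(1)


def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    """Toy encrypt-then-MAC (HMAC counter keystream + HMAC tag); stands in for AES-GCM."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def fingerprint(pub):
    """Short hash of a public key: what Alice and Bob compare when they meet in person."""
    return hashlib.sha256(pub.to_bytes(4, "big")).hexdigest()[:16]


def session(message, provider_substitutes_keys):
    """One message from Alice to Bob through a key directory run by the service provider."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    p_priv, p_pub = dh_keypair()   # the provider's own key pair

    # The directory answers "what is Bob's key?" Honest: Bob's. Intercepting: the provider's.
    bob_key_shown_to_alice = p_pub if provider_substitutes_keys else b_pub
    alice_key_shown_to_bob = p_pub if provider_substitutes_keys else a_pub

    blob = encrypt(dh_shared_key(a_priv, bob_key_shown_to_alice), message)
    provider_read = None
    if provider_substitutes_keys:
        # Provider decrypts with the key Alice really agreed with it, then re-encrypts for Bob.
        provider_read = decrypt(dh_shared_key(p_priv, a_pub), blob)
        blob = encrypt(dh_shared_key(p_priv, b_pub), provider_read)

    bob_read = decrypt(dh_shared_key(b_priv, alice_key_shown_to_bob), blob)
    return {
        "bob_read": bob_read,
        "provider_read": provider_read,
        # Comparing fingerprints out of band is what exposes the substitution.
        "fingerprints_match": fingerprint(bob_key_shown_to_alice) == fingerprint(b_pub),
    }


if __name__ == "__main__":
    for intercept in (False, True):
        print(intercept, session(b"meet at noon", intercept))
```

In both runs Bob reads the message and nothing on the wire looks wrong; the difference only shows up in `provider_read` and in the fingerprint comparison, which is the out-of-band "if Alice and Bob ever meet" check the comment relies on.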

    1. Anonymous Coward
      Holmes

      None of that is meaningful if the UI itself has been hacked by FinSpy or the shiny, shiny RCIS. The original or, after decryption by the receiving device, text, images, or other types is collected and exfiltrated back to the BKA or other agency. Perfect end-to-end encryption is useless if the device itself is co-opted.

      Of note is that the Paris attackers, and prior attacks, had dozens of unused (burner) phones. They treated each as, basically, a one-time pad. Hopefully the agencies will be able to adapt to that. [An exercise to the student in geographical applied graph theory, likely.] I'm not opposed entirely to this. This is well within the boundaries of proper surveillance in that it is targeted to individuals. Toss in court approved and we're good to go. In theory. Then again, I know the difference between theory and practice. [And here in the USA we have unchallengeable secret courts.]

      1. John Smith 19 Gold badge
        Unhappy

        "Toss in court approved and we're good to go. In theory. "

        Yes.

        The difference between the theoretical control and deployment, and the actual, is what makes most people pretty nervous.

        1. pleb

          Re: "Toss in court approved and we're good to go. In theory. "

          At some point you have to assume that your servants in the government do have a job to do in protecting our values and freedoms. The problem usually comes from power corrupting them, etc, and of course the absolute power afforded by easy mass digital surveillance is too tempting for them to cope with.

          So anything that gives the spooks the ability to spy on targeted individuals, but which does not lend itself to mass surveillance should be a good thing. Like back in the day of having to steam open envelopes or rifle through the garbage bins - they could do it when they had to, but it would never have been possible on a large scale.

    2. Adam 1

      @Jack, and the vulnerability hoarding by TLAs is exactly what enabled Wannacry. This isn't a zero consequence game where you get more bad people caught. I would love there to exist a construct whereby confidential information is kept secure for good people but insecure for bad people, but that is not what math gives you. Unfortunately

      (m^e)^d === m (mod pq) even if you are an {insert today's bogeyman}.

      We know that the NSA previously used specific elliptic curve parameters to weaken the RNG used and therefore effectively sidestep the encryption. Now have a think about what happened when that was discovered. Everyone stopped using it. Do you think the bad guys will continue to use a communication medium they know can be read at will?

      The other thing I would ask those who think that these sorts of proposals are a good idea is "what sort of argument could you give against a future law that bans meeting someone in person behind closed doors without tapes being held by the conference centre in question?". Or is that ok too?
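The identity quoted in the comment above, (m^e)^d ≡ m (mod pq), worked through as an added example with textbook RSA on constructed toy primes (not code from the comment thread): key generation, an exhaustive check that the identity holds for every message regardless of who sends it, and the one route in without d, factoring n, which only works here because the modulus is tiny. That last function is what "limit the key size" would hand to everyone, good guys and bad alike.

```python
import math


def rsa_keygen(p, q, e):
    """Textbook RSA from two primes. Toy sizes here; real keys use primes of 1024+ bits."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def identity_holds_for_every_message(p, q, e):
    """Exhaustively check (m^e)^d == m (mod pq) for every m < n.
    The identity holds for all m, including the few sharing a factor with n, and
    it cannot tell a 'good' m from a 'bad' one: the math has no idea who is sending."""
    (n, _), (_, d) = rsa_keygen(p, q, e)
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))


def recover_d_by_factoring(n, e):
    """Without d, the only way in is factoring n. Trial division works here only
    because n is a 12-bit toy; a 2048-bit modulus is out of reach for this or any
    known method, which is exactly why a 'limited key size' weakens everyone."""
    for cand in range(2, math.isqrt(n) + 1):
        if n % cand == 0:
            p, q = cand, n // cand
            return pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("no non-trivial factor found")


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, 17)     # constructed toy primes (n = 3233)
    print(public, private, identity_holds_for_every_message(61, 53, 17))
    print(recover_d_by_factoring(public[0], public[1]) == private[1])
```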

      1. tom dial Silver badge

        Correction. We know the following about Dual_EC_DRBG:

        - NSA provided the NIST the required elliptic curves and recommended EC parameters p and q;

        - If p and q are related in a certain way, there is a back door;

        - The NIST paper gave instructions those who were suspicious and wanted to roll their own could use to generate their own values for p and q, and that those instructions, if used correctly, made the probability of a back door vanishingly small (but not exactly zero);

        - The probability that normal developers and users would bother to pick their own p, q was small and, as far as I know, was not done commercially.

        We do not know how the NSA produced the values given in SP-800-90 and its successors. In particular, we do not know that it was not done in the way described in Appendix A of SP-800-90.

        While I anticipate a substantial number of negative votes, I would much rather see a credible reference to a source that establishes whether or not the DRBG was corrupt in fact, rather than simply constructed in such a way that it might have been.

        1. Adam 1

          @Tom, no down votes from me for asking reasonable questions. But also by the same token, you are asking for a very high level of proof. Unless they were incredibly stupid*, you will not find a smoking gun.

          However there are some reasons to be suspicious. You have mentioned the codes in Appendix A already.

          Some guy that knows a thing or two wrote:

          "What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol."

          Now check the date on that; it's a good 6 years pre-Snowden, so there's a lot of benefit of the doubt in that analysis. But there is also confusion about why the NSA "was so insistent about including Dual_EC_DRBG in the standard".

          Unfortunately you have the foxes guarding the henhouse here, so when they include unexplained constants then you have to be highly suspicious. They certainly have motive and capability to pull it off, and past behaviour hasn't painted them in a good light.

          *As in letting nuke codes slip level of carelessness.

          1. tom dial Silver badge

            QQ

            The NSA is on both sides of the issue here, in that they are responsible for creating and validating cryptographic systems on one hand and for analyzing and breaking them on the other. They seem to have insisted on improvements to DES, for reasons they did not state and did not become apparent for some years. They did less well in the case of the Clipper and Capstone chips that provided for key escrow, although the embedded Skipjack encryption apparently was relatively good.

            They may have constructed the NIST recommended values with intent to weaken the Dual_EC_DRBG, or they may not; and available evidence seems not to have been produced. Their delivery of the P and Q values as "magic" numbers does not encourage optimism, but it is not proof. In any case, Dual_EC_DRBG's poor performance and observed bias discouraged its use in practice, or should have. Moreover, anyone who felt a need to use elliptic curves for pseudorandom bit generation had a usable recipe in freely available NIST publications for generating their own (different) parameters, which would not be vulnerable to any knowledge NSA might have acquired by producing their values dishonestly. However, the resulting DRBG probably would not have been marketable to the US government due to non-conformance with NIST SP-800-90 and its successors as well as rational doubt about the alternate parameters.
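The structure tom dial's bullets and the Shumow and Ferguson quote describe, "if P and Q are related in a certain way, there is a back door" and "predict the output after one output", and the counter-measure of generating your own parameters, as an added toy illustration that is not from the comment thread. It is a simplified analogue: Dual_EC_DRBG works with point multiplication on the P-256 curve and x-coordinates, and the real output drops 16 bits per block that an observer has to guess; this toy swaps in a multiplicative group modulo a small constructed prime, where "P is a secret multiple of Q" becomes P = Q^d, so the same relationship can be seen with plain modular exponentiation. The seed, the secret d and the hash labels are constructed values.

```python
import hashlib

# Toy modulus, constructed for illustration (the real DRBG works on the P-256 curve).
MOD = 2**31 - 1


def generate(seed, n_outputs, P, Q):
    """Dual_EC-shaped generator: state <- P^state, output <- Q^state (mod MOD).
    The real DRBG also truncates each output by 16 bits; this toy does not."""
    s, outputs = seed, []
    for _ in range(n_outputs):
        s = pow(P, s, MOD)
        outputs.append(pow(Q, s, MOD))
    return outputs


def trapdoor_params(Q, d):
    """Designer picks P = Q^d and keeps d. Published: P and Q. Secret: d."""
    return pow(Q, d, MOD), Q


def honest_params(label):
    """Nothing-up-my-sleeve parameters: P and Q derived independently from public
    hashes, so nobody holds a d with P = Q^d. This is the spirit of the 'generate
    your own P and Q' recipe in the SP 800-90 appendix the thread mentions."""
    P = int.from_bytes(hashlib.sha256(label + b"/P").digest(), "big") % MOD
    Q = int.from_bytes(hashlib.sha256(label + b"/Q").digest(), "big") % MOD
    return P, Q


def predict_rest(one_output, n_more, P, Q, d):
    """Holder of d, given a single output r = Q^s: r^d = Q^(d*s) = P^s is exactly the
    generator's next state, so every later output follows. Without the right d
    (as with honestly derived P, Q) the prediction is just noise."""
    s = pow(one_output, d, MOD)
    outputs = []
    for _ in range(n_more):
        outputs.append(pow(Q, s, MOD))
        s = pow(P, s, MOD)
    return outputs


if __name__ == "__main__":
    P, Q = trapdoor_params(7, 123457)             # constructed "magic" constants
    stream = generate(424242, 6, P, Q)
    print(predict_rest(stream[0], 5, P, Q, 123457) == stream[1:])   # True
    P, Q = honest_params(b"example")
    stream = generate(424242, 6, P, Q)
    print(predict_rest(stream[0], 5, P, Q, 123457) == stream[1:])   # False
```

The point for a reviewer of any such standard is that the two parameter sets are indistinguishable from the outside: only the derivation procedure, published and reproducible, separates the trapdoor case from the honest one, which is why "unexplained constants" are the thing to push back on.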

            1. Adam 1

              Re: QQ

              Yes, there is a fundamental incoherence between their two roles, and as a result you never know which hat they are wearing with a piece of advice.

              With DES, the advice was a mixed bag. The algorithm tweak for reasons undisclosed at the time improved resilience to differential fault analysis attacks (Google Biham and Shamir) but they also leant heavily to reduce the key size to 48 bit (65536x weaker). They eventually agreed on 56 bit ("only" 256x weaker). So they plugged a mathematical hole that would have inevitably surfaced but left the key small enough for their computing cluster of the day to crack.

  4. Anonymous Coward
    Stop

    While better than a back door

    There is the risk this spyware will get out into the wild. See "NSA hacking tools" for an example of that.

    1. Charles 9

      Re: While better than a back door

      Thing is, were the tools still in active use at the time or were they a couple generations out of use?

      1. Anonymous Coward
        IT Angle

        Re: While better than a back door

        They may or may not have been out of use, but the leaked NSA tools were effective enough that two of the vulnerabilities they exploited were used in recent global ransomware attacks.

    2. Anonymous Coward
      Anonymous Coward

      Re: While better than a back door

      It may happen, but when it happens the tool becomes mostly useless, because it's soon discovered by anti malware tools. It's more like the Hacking Team spyware.

  5. Anonymous Coward
    Anonymous Coward

    This:

    "to hack and install software on the handsets and desktops of people they suspect to be terrorists".

    "to hack and install software on the handsets and desktops of people they suspect."

    TFTFY.

    1. pleb

      Re: This:

      So what's your point, that there really are no terrorists?

      1. Anonymous Coward
        Anonymous Coward

        Re: This:

        No, his point is that the requirements for proving someone to be a suspected terrorist will only become more and more vague, and soon someone might say that you are a terrorist, or the opposition party leader or any number of uncomfortable people threatening the incompetent politicians, and we have a dictatorship that easily disposes of any political opposition.

        Terrorists are also a very handy way of scaring the public into obedience. I have never seen one, and the few I have seen on TV and the horrible deeds they have done, are way too few to justify the massive dismantling of the very freedom that built modern Europe.

        As it is now, the terrorists are winning, because they have managed to manipulate politicians into turning Europe into a silk dictature. It will only get worse and soon there will be Europe, China, Russia and the US and they will have complete control over their citizens and cooperate to keep the same political clans in power indefinitely.

        Hopefully there will be small enclaves of libertarianism left in the world, but I suspect that these few will be crushed eventually (look at what the EU did with Swiss bank secrecy for instance).

        1. Sir Runcible Spoon
          Black Helicopters

          @AC

          "As it is now, the terrorists are winning, because they have managed to manipulate politicians into turning Europe into a silk dictature."

          Not deep enough I'm afraid. The terrorists are being used just as much as we are.

          They are the lever, we are the fulcrum.

          1. Paul Crawford Silver badge

            Re: @AC

            They are the lever lube, we are the fulcrum orifice.

            Fixed it for you...

        2. pleb

          Re: This:

          I think you'd have a point if hacking a phone to install an exploit on that phone was a strategy that lent itself to covert mass deployment. I don't think that is the case. I think it is a tool that would have to be used sparingly, its use would have to be rationed. I draw a distinction between this and the indiscriminate blanket gathering of data, where we all fall under surveillance and the state can then set their search criteria as broadly as they like.

          You have to allow those we entrust with doing the job of catching terrorists the reasonable means to do their job - unless you believe there are no terrorists.

          Of course I see the risks, as with EternalBlue etc, of these tools leaking into the wrong hands. But with respect, that is a very different argument to the Orwellian one you raised.

  6. MajorDoubt
    Coffee/keyboard

    Simpler way

    Just serve Google or Apple with a court order making them install the software. That's why with my Android phone, the first thing to be done is install a firewall blocking Google from the phone.

    1. Graham Cobb Silver badge

      Re: Simpler way

      I have always assumed that there are already standardised, and legally required, mechanisms in the baseband processors to allow certain remote operations from the air interface. In the past I assumed that included remote monitoring of audio and with the rise of smartphones I presume that includes some way to run code in a highly privileged environment (which can then be used to download and run anything they want). If so, these cannot be bypassed by anything you might install on the device.

      The interesting question is whether these hacks only exist in chips for communications where a licence is required (and hence including the feature is a condition of the device getting the necessary licence) or whether they also now exist in chips for unlicensed usage (such as WiFi).

      If I was a political activist, or an investigative journalist, and thought I was likely to be the subject of targeted surveillance from government agencies, I would assume anything with an air interface can be monitored.

  7. Anonymous Coward
    Anonymous Coward

    Booooo

    So much for organizing the global revolution against corruption in politics with technology.

    1. Anonymous Coward
      Anonymous Coward

      "So much for organizing the global revolution against corruption in politics with technology."

      Correct, because it always was a fantasy.

  8. handleoclast
    Stop

    This is worse than backdoors into encryption

    Far worse. Far, far, worse. A gazillion times worse. Worse than the worsest thing you can imagine (other than Donald Trump as US president).

    First of all, this is putting all your eggs in one basket. It's a one-stop shop for all your criminal needs. Every major government, ally or enemy, will try to find a way in. As will the bigger non-governmental criminal organizations. It's like the WannaCry vulnerability, but installed by the phone manufacturer. The bad guys just need to brute-force the access key or bribe or blackmail somebody with access to it.

    Secondly, will Angela Merkel be happy at Donald Trump being able to use this? Nope, so you'll have a European backdoor and a US backdoor and maybe even a Russian backdoor installed on your phone, as standard. And each of them may decide to install extra malware to cripple the backdoors of the others.

    Thirdly, we recently saw just how badly British police forces abuse IT systems for trivial, personal gain. Say goodbye to your private life if this happens, because May and Rudd will open it up to the police, council refuse collectors, uncle Tom Cobley and all. Because that's what they've already done with other data access statutes.

    1. Charles 9

      Re: This is worse than backdoors into encryption

      You say this as if this was anything new. We're talking human beings here.

      1. Anonymous Coward
        Anonymous Coward

        Re: This is worse than backdoors into encryption

        No, we're talking about Politicians, i.e. RZ Sockpuppets...

    2. Paul Crawford Silver badge

      Re: This is worse than backdoors into encryption

      No it is not. Any backdoor in to encryption applies to everyone using a particular app or protocol, and it would effectively make open source illegal as you could not hide the state-mandated backdoor.

      What we have here is the legalisation of 'police hacking' where we all know damn well that state actors and criminals are already doing it, with varying degrees of ability. Also such hacks are machine/OS dependent and rely on the vulnerability not being independently discovered and patched* so it is not really suited to mass surveillance.

      Is it going to be used for good? Probably in a lot of cases. Will it be abused? Almost certainly, but the question here is how much more than existing practices (admitted to or not) or any alternative that the ignoramuses that make up the political classes would attempt to enforce.

      [*] = Most Android users are screwed then.

      1. handleoclast

        Re: This is worse than backdoors into encryption

        @Paul Crawford

        Hmmmmmmm.

        No it is not. Any backdoor in to encryption applies to everyone using a particular app or protocol... [remainder elided because I couldn't parse it to make sense]

        A backdoor into a single encryption product does not necessarily allow control over the device. It may merely compromise the security of that particular product. It probably will allow further exploits, but it may not. This is something different. Access to the whole device and, therefore, the plaintext it sends/receives via any encryption product as well as contacts, call logs, calendar, porno apps, etc. Essentially it's a rootkit.

        What we have here is the legalisation of 'police hacking'

        Nope. That has already been done, in Germany at least. This is the implementation, not the legislation.

        Police hacking is like any other hacking. First they have to find a vulnerable app on my phone, then exploit it. I may not be running any apps they have exploits for. The way this reads, they're expecting to find a welcome mat on my phone. On your phone. On everybody's phone.

        Also such hacks are machine/OS dependent and rely on the vulnerability not being independently discovered and patched

        The article says there are no details of how this backdoor is going to be installed but that it is cross-platform. But to have any hope of being successful against random terrorists/paedophiles/political opponents it must either take advantage of an existing widely-deployed backdoor (in which case we're already fucked) or be mandated to be installed by the manufacturer. If they can't already put it on any phone they want to then expect legislation to mandate manufacturers to pre-install it.

        Ooooh, surely they wouldn't implement legislation like that, did I hear you say? That's exactly what May and Rudd keep calling for with encryption apps. That's technically infeasible. This isn't.

        1. Paul Crawford Silver badge

          Re: This is worse than backdoors into encryption

          This is something different. Access to the whole device and, therefore, the plaintext it sends/receives via any encryption product as well as contacts, call logs, calendar, porno apps, etc. Essentially it's a rootkit.

          That is true, but equally as such it taints any evidence. Will be interesting to see how evidence gathered this way is challenged in court, and if the courts will side with any prosecution call to have the collection methods withheld from the defence team.

          The way this reads, they're expecting to find a welcome mat on my phone. On your phone. On everybody's phone.

          You mean they expect the current level of "push this shit software out now" development skill to continue?

          If they can't already put it on any phone they want to then expect legislation to mandate manufacturers to pre-install it.

          That comes down to how much, for example, a non-USA government can influence Apple or Google for phones, or Apple/MS for desktops. With fully open source systems they can't put it in without it being available to world+dog, and their methods disclosed, so it's really not going to work. Sure they can try to outlaw free software and try to impose such things on imports, but only the likes of China can succeed as the population are used to such behaviour and the market big enough (and most hardware built there) to allow others to do the dirty work. The rest of the world is going to have a bigger fight as it comes down to either the USA going against its constitution and forcing multi-billion dollar companies to commit commercial suicide first, or other countries trying to get it imposed on imports with the inevitable kick-back.

          Whereas exploiting crap software is a tried and trusted method that we have seen used by criminals and spies for decades, so what is going to make suppliers try harder now?

          1. tom dial Silver badge

            Re: This is worse than backdoors into encryption

            Nothing in the Register article or the Deutsche Welle article to which it links gives a reason to think police collection using the authorized hacking tools "taints" evidence more (or less) than a wiretap applied to telephones in the past or a listening device surreptitiously planted in an office or residence. German law probably differs in detail from British or US law, which would require a search warrant, but certainly would have formal procedures intended to (a) allow use in criminal proceedings when properly authorized and (b) prevent unauthorized use.

            US law, and probably that of many other countries, already requires that communication providers include facilities for legal wiretaps. This sounds like a backstop for cases where, even with that in place, users make such arrangements that the providers cannot give access to the communication content.

            We know that lawful wiretap provisions have been misused, most famously by *someone* who used Vodafone's Ericsson switches to bug around a hundred Greek government officials in 2004 and 2005. Although the Register article (from 2007) calls out the NSA, the IEEE Spectrum article to which it links does not make attribution, and doing so would need to consider the overall international political environment of the period 2000 - 2004 and that there might have been others, including non-government organizations, with both the expertise and motive to exploit the locally available technical resources and execute the hack. The NSA certainly is a reasonable candidate, and this would, for them, have been (under the applicable US law and presidential executive orders going back many years) lawful foreign intelligence collection. As it would have been under the laws of most countries other than Greece. The IEEE Spectrum article, at

            http://spectrum.ieee.org/telecom/security/the-athens-affair

            is quite interesting and well worth reading.

  9. JaitcH

    Good Encryption Equipment is Physically and Electrically Isolated

    I am a consumer of encrypted communications, mainly text and occasionally verbal. Our commercial encryption-decryption equipment is deliberately separated physically from the communications equipment, the only interconnection between the units is through opto-isolators, and the encryption-decryption equipment is powered from separate batteries (when portable) and separate power units when mains powered.

    More importantly, the encryption-decryption equipment can only be programmed locally (i.e. physically, hands-on) using a key - which makes the programming more challenging.

    Working for a provider of military equipment, we ensure that there is isolation in the data chain (again opto) and that the power supplies use ferrite filters and many individual power regulators powering different circuits in the encoder.

    The military, and others, have a preference for remote programming for encryption equipment, which might be understandable. If you analyse the GPS military transmissions you will see that there is way more non-GPS traffic than enhanced location data. Daily and per-operation encryption codes are transmitted embedded in the GPS signal for air and ground assets - worldwide.

    There is one area where clear voice transmissions occur - in passing drone~bomber infra-red signalling codes. The drone operator passes data to the bomb carrier, who dials the 4-digit code into the guided munition. Another example is where ground-based troops 'mark' or 'paint' a target with hand-carried equipment and pass the same 4-digit code to the bomb dispatcher.

    This number is of interest to us since we make infra-red repeaters that capture the paint signature which can then be re-transmitted against another target - or empty terrain.

    Interestingly, most civilian encryption devices are integral to portable equipment, including Fraunhofer's as well as Secusmart's (turns the BlackBerry Z10 into a self-contained secure communications device); support from the German government made establishing universal and easy-to-use encryption part of its Digital Agenda. Rohde & Schwarz SIT GmbH ships 'bug-proof' cell handsets.

    The much vaunted US P25 universal radio system has easy-to-use encryption and is equally susceptible to people who have an interest in gaining access to clear voice.

    Easy-to-use encryption is adverse to good encryption techniques, excluding simple plug-in units.

    1. Charles 9

      Re: Good Encryption Equipment is Physically and Electrically Isolated

      But absolutely useless against "Outside the Envelope" attacks at points where the contents MUST be decrypted (such as during display since the Eyeball Mk 1 doesn't directly grok encrypted data). That's what the article is describing: "Outside the Envelope" attacks.
