Posted by Gold Lock Team on August-28-2009

New Attack Cracks WPA Wi-Fi Encryption in a Minute

Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
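Because exposure depends on whether an access point still offers TKIP, the cipher suites it advertises are worth checking. The following is an added example, not code from the researchers or from this blog: it parses the WPA and RSN (WPA2) information elements of a beacon frame and flags any that list TKIP. The function names and the sample bytes are constructed for illustration.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"   # suite OUI inside the RSN (WPA2) element, ID 48
WPA_OUI = b"\x00\x50\xf2"   # suite OUI inside the vendor WPA element, ID 221
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # CCMP is the AES mode


def cipher_name(suite: bytes, oui: bytes) -> str:
    """Map a 4-byte cipher suite selector (OUI + type) to a readable name."""
    if suite[:3] != oui:
        return "vendor-specific"
    return CIPHERS.get(suite[3], f"unknown-{suite[3]}")


def parse_suites(body: bytes, oui: bytes):
    """Return (group cipher, pairwise ciphers) from a WPA/RSN element body."""
    if len(body) < 8:
        raise ValueError("element too short")
    (count,) = struct.unpack_from("<H", body, 6)   # pairwise suite count
    end = 8 + 4 * count
    if len(body) < end:
        raise ValueError("pairwise list truncated")
    pairwise = [cipher_name(body[i:i + 4], oui) for i in range(8, end, 4)]
    return cipher_name(body[2:6], oui), pairwise


def audit_elements(ies: bytes):
    """Walk tagged elements and report each WPA/RSN element and its TKIP use."""
    findings, i = [], 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("truncated element")
        i += 2 + length
        if eid == 48:
            proto, (group, pairwise) = "WPA2", parse_suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
            proto, (group, pairwise) = "WPA", parse_suites(body[4:], WPA_OUI)
        else:
            continue   # SSID, rates and other elements are not relevant here
        findings.append({"proto": proto, "group": group, "pairwise": pairwise,
                         "tkip": "TKIP" in [group, *pairwise]})
    return findings


# Constructed sample: SSID "lab", a WPA element (TKIP), an RSN element (CCMP).
SAMPLE = bytes.fromhex(
    "00036c6162"
    "dd160050f20101000050f20201000050f20201000050f202"
    "30140100000fac040100000fac040100000fac020000")
```
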

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

Posted by Gold Lock Team on August-15-2009

Cracking a Wi-Fi Network – How to Easily Find Any WEP Password

This 8-minute video demonstrates how easy it is to penetrate a WEP-protected Wi-Fi network. If your network uses WEP encryption, any data passing through it is exposed, including files, emails, documents, and passwords.

Posted by Gold Lock Team on August-3-2009

Using TrueCrypt to encrypt secret files? Think again.

At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. A bootkit combines a rootkit with the ability to modify a PC’s Master Boot Record, enabling the malware to be activated even before the operating system is started.

Available as source code, Kleissner’s bootkit can infect any currently available 32-bit variety of Windows from Windows 2000 to Windows Vista and the Windows 7 release candidate. Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he modified neither any hooks nor the boot loader itself to bypass the TrueCrypt encryption mechanism. Instead, the bootkit uses a “double forward” to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.

Once the operating system has been loaded, Stoned can get to work and install malware, such as a banking trojan, in the system. Peter Kleissner, who is only 18 years old, has also included several plug-ins, for example a boot password cracker and a routine for infecting the BIOS. The framework layout of Stoned allows other programmers to develop their own plug-ins for the bootkit. Kleissner thinks that Stoned could also be of interest to investigation agencies, for example for developing a federal trojan.

Once installed, Stoned cannot be detected with traditional anti-virus software because no modifications of Windows components take place in memory, says Kleissner. Stoned runs in parallel with the actual Windows kernel. Even an anti-virus function in the BIOS can’t stop the bootkit, as modern Windows versions modify the MBR without referring to the BIOS.

However, administrator privileges or physical access to a system are required for an infection. At present, only machines running the traditional BIOS are vulnerable. The attack is unsuccessful when the BIOS successor, the Extensible Firmware Interface (EFI), is at work on the motherboard. The most effective protection appears to be encrypting the entire hard disk with software that is based on the Trusted Platform Module (TPM).

For instance, using Windows’ own BitLocker encryption mechanism is said to be a reliable antidote, because an infected MBR’s hash value no longer corresponds to the hash value stored in the TPM, prompting the TPM to abort the boot process. Kleissner didn’t have an answer to the question whether a hardware-encrypted hard disk is capable of preventing an infection.
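The hash comparison described above can be modelled in a few lines. This is an added example, not BitLocker's or Kleissner's code: it assumes a single platform configuration register (PCR) extended with SHA-1 as in TPM 1.2, and the MBR contents, loader bytes and key are constructed placeholders.

```python
import hashlib
import hmac

SECTOR = 512


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM 1.2 extend operation: new PCR = SHA1(old PCR || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


def measure_boot(mbr: bytes, loader: bytes) -> bytes:
    """Replay the boot chain into one PCR, starting from the all-zero reset value."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xaa":
        raise ValueError("expected a 512-byte MBR ending in the 55 AA signature")
    pcr = bytes(20)
    for stage in (mbr, loader):
        pcr = extend(pcr, stage)
    return pcr


def unseal(sealed_pcr: bytes, current_pcr: bytes, volume_key: bytes):
    """Release the key only if the current measurement equals the sealed one."""
    return volume_key if hmac.compare_digest(sealed_pcr, current_pcr) else None


def make_mbr(boot_code: bytes) -> bytes:
    """Build a constructed 512-byte MBR: code, empty partition table, signature."""
    return boot_code.ljust(446, b"\x00") + bytes(64) + b"\x55\xaa"


# Constructed sample data, not real boot code or key material.
LOADER = b"constructed-os-loader"
CLEAN_MBR = make_mbr(b"\x90" * 16)
MODIFIED_MBR = make_mbr(b"\x90" * 15 + b"\x91")   # a single byte differs
VOLUME_KEY = b"constructed-volume-key"
SEALED_PCR = measure_boot(CLEAN_MBR, LOADER)      # recorded when encryption was enabled


def boot(mbr: bytes):
    """Return the volume key, or None when the measured chain differs."""
    return unseal(SEALED_PCR, measure_boot(mbr, LOADER), VOLUME_KEY)
```

Because each measurement is folded into the previous PCR value, a change to the MBR cannot be undone by anything that runs later in the chain.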

Posted by Gold Lock Team on July-26-2009

Video – Breaking into an iPhone 3G

iPhone 3G – not yet ready for corporate usage, due to lacking security.

This quick demonstration shows how easily and how quickly law enforcement agencies and hackers are able to recover the raw disk image from an iPhone 3G[s]… and how anyone with a very basic skill set could get to all your live AND DELETED pictures, videos, contacts, email, and more.

Posted by Gold Lock Team on July-18-2009

US Launches Cyber Command

The United States military has recently announced the creation of a new “cyber command”, which is intended to defend US interests. It should also give the US military the power to launch cyber offensives and wage war on the digital battlefield, in a bid to defend against the increasing threats against military computer networks.

This latest cyber command center will start operating in October and will take approximately one year to become fully operational. These announcements come at a time when cyber dominance has been viewed as an essential part of military strategy for the future, as the government has envisioned that it is just as important to have superiority on the digital battlefield as it is any other.

However, while the US military is embracing cyber warfare, many privacy advocates are concerned about the effects that such an offensive may have on privacy and other civil liberties. There is also a growing concern that this may lead to the militarization of cyberspace.

The United States has over seven million computers in its networks and it faces a real threat, as revealed by many recent penetrations of its networks. As a result, President Obama has announced that cyber security is to remain a top priority and revealed plans to create a national cyber defense coordinator to help advise and guide on issues.

By creating a cyber-deterrent, the government hopes to protect the USA against attackers from China, Russia and other rogue nations, which have built up a significant infrastructure to commit criminal cyber attacks against the United States and the western world.

At the same time, the White House promised to respect and safeguard privacy rights. However, after recent revelations regarding unlawful intercepts of domestic e-mail by the National Security Agency, it still remains uncertain how they will safeguard privacy and ensure that civil rights are maintained.

Posted by Gold Lock Team on July-16-2009

NSA E-mail Surveillance Wider than Expected?

News reports have recently surfaced revealing that the National Security Agency’s surveillance of American citizens may be wider ranging than previously thought. A recent announcement by Congress suggested that the top secret spy organization’s monitoring of domestic internet traffic has gone beyond legal limits.

This news comes as a result of leaked reports detailing the NSA’s potentially unconstitutional actions, after a whistleblower revealed that the NSA was training analysts to monitor large amounts of domestic email. These reports have raised new concerns about the National Security Agency and sparked an investigation by the House Select Intelligence Oversight Panel.

In an age of increased domestic terrorism, it remains clear that authorities must be ever vigilant but many of these actions are flagrant and direct violations of the constitution. Much of this spying on American citizens has gone on without any form of court warrant, so technically it is illegal.

Because of the increase in domestic and international surveillance, the NSA has been targeting everyday communications that may or may not pertain to active terror investigations. This is in direct breach of the constitution and also countless privacy laws.

Given the difficulties exposed in identifying and separating domestic emails from foreign emails, laws were passed in order to ensure the protection of the National Security Agency. The NSA then exploited these laws to collect many millions of domestic e-mail records.

It would seem that everyday e-mail communications are no longer safe, and as a result even the average citizen should take precautions when sending sensitive information via email.

After these damning details were revealed, the National Security Agency refused to comment other than to provide a standard statement detailing that ‘technical errors can and do occur.’

Posted by Gold Lock Team on July-9-2009

British Government Launches Cyberattack Agency

The British Government has recently announced the creation of a new agency focused on cybersecurity, as one of the latest measures to provide the country with a way to respond to the ever growing threat of digital attack.

The Office of Cyber Security (OCS) will be the first dedicated agency for the defense of the government’s critical IT infrastructure. This new agency will be similar to US based cyber-command operations. The OCS’s strategic headquarters will be located in a top of the range facility based at the Government Communications Headquarters (GCHQ) in London.

The OCS will act not just to deal with the realms of cyberattack and defense, but they will also serve as liaison between the government and the information security industry. Effectively, the OCS aims to unify the security policies of the Ministry of Defense, intelligence services and the police.

Parts of these recent announcements reveal that the UK government will develop capabilities to launch aggressive attacks against identified cyber threats to the country. These capabilities include the ability to launch denial of service attacks and remote spying capabilities.

This new cyber security agency will initially start with a small team of highly trained experts. Based on successful models of the US cyber-command department, they will mirror themselves primarily on the United States’ success.

It seems clear that the United Kingdom wants to make it known that it will not be an easy victim, after many European countries have come under recent cyber attacks thanks to lackadaisical security policies and out-of-date hardware. The question still remains, though, as to whether or not the OCS will succeed in their vision to make UK cyber security virtually impenetrable.

Whether or not this proves to be a success remains to be seen.

Posted by Gold Lock Team on July-8-2009

Potential iPhone Vulnerabilities Spotted

Recently, reports have surfaced that the non-jailbroken versions of the highly popular Apple iPhone may be vulnerable to direct memory attack, because of attempts to force execution of unsigned code.

A student at the University of Milan recently announced that he had found a way to force unsigned code to be run using a sophisticated memory hack.

Limitations imposed by Apple code-signing requirements have meant that security researchers had overlooked non-jailbroken phones due to the native security already present. The general consensus was that difficulties in exploiting a platform requiring code signing, such as the iPhone, are wide ranging and innumerable, compared to the exploiting of other more mundane devices.

Thanks to software updates dealing with existing security issues, Apple has managed to create a device that is relatively secure because of their proprietary code-signing requirements. This code signing has resulted in enhanced security for the iPhone device, when compared to other more open platforms.

The details of the announcement regarding this potential exploit show that hackers can upload non-executable code to memory and then, by simply changing a register, can make that code executable. With the latest version of the iPhone operating system due to ship any day now, this may only be a temporary problem.

But if this attack exists and remains un-patched, the possibilities for remote attackers to exploit the Apple iPhone are endless. It could range from remote eavesdropping to stealing sensitive information and credit card details.

Whilst the Apple platform is fundamentally secure due to the way the software company has locked the iPhone down, numerous vulnerabilities have been revealed in the past.

With the new iPhone 3.0 OS, it will be interesting to see which vulnerabilities Apple managed to eliminate and also what weaknesses the new operating system will create.

Posted by Gold Lock Team on July-6-2009

Are Your Keystrokes Safe? (Part II)

Software giant Microsoft still has to act regarding the potential dangers of insufficient wireless keyboard security. Microsoft, which produces millions of keyboards and input devices each year, has yet to acknowledge the threat which was originally discovered over two years ago.

The vulnerability is essentially a man-in-the-middle attack, which uses a hidden receiver to secretly record keystrokes on the 27MHz wireless frequency. With little more than a PCB and software, it can decrypt keystrokes in real time.

This attack intercepts wireless transmissions from Microsoft keyboards which use a redundant XOR 8-bit encryption algorithm. This encryption algorithm has been vulnerable to cryptographic attack for some time, and an 8-bit key is insufficient to protect data.

The hardware used to carry out this attack was essentially a Texas Instruments wireless receiver, controlled by an 8-bit controller. The price of purchasing such equipment is minimal, and the software required is freely available online.

Because of this, it is possible to construct a PCB type interface to remotely intercept and decrypt keyboard traffic for just a few dollars. Potential attackers need only walk past an affected keyboard to execute this attack. With increased adoption rates of wireless peripherals, more people are at risk than ever before.

Security is as strong as its weakest link. As a result of Microsoft’s use of light-weight cryptography in protecting key strokes, there are potentially millions of keyboards at risk. The only solution for industries that depend on wireless technology is to move towards more advanced Bluetooth technology, in order to minimize the risks of cryptographic attack.

However, more advanced side-channel attacks will still be a possibility for attackers, as even wired keyboards are vulnerable to techniques that exploit electromagnetic emissions.

Posted by Gold Lock Team on July-5-2009

Corporate Concerns over Cryptography

For the average consumer, data theft equates to the threat of having personal information, bank records and maybe credit card details stolen. This can allow hackers to perpetrate identity fraud, and whilst it can cause significant harm to an individual, there are now a great many countermeasures in place to try to protect against data theft from an individual perspective.

However, for corporations there exists a real and identifiable threat. This threat exists not only from hackers, but also from former employees who bear a grudge or grievance against the company. With the advent of digital storage and the popularity of road warriors, highly sensitive data is travelling a lot more than it should, and we are now being exposed to the risks of data loss as well.

For many corporations, the thought about data security does not go beyond a firewall and an IT support team that is supposed to know what it is doing. The truth is that many IT teams in today’s corporate world are complacent in their methodology, often using redundant technologies, which ultimately means more expense for the corporation.

How do you eliminate the risks of data theft? It is quite simple – you eliminate the value of that data by using technologies to ensure that if third parties may have a chance to acquire it, then it will be worthless.

Gold Line Group Ltd. works with IT executives to develop secure policies that ensure cryptography is not merely a buzzword technology, but a vital and lifesaving way to ensure accountability and also mitigate any losses.