Google Authenticator Weaknesses

Earlier this year, we submitted a bug to Google for the Google Authenticator app on Android. Basically, the bug we submitted is that the secret key (the private code that, when combined with an accurate source of time, creates the one-time-use codes for Google’s open-sourced two-factor authentication) is stored in the clear on Android devices. Google’s response was that this was behaving by design, and that the system controls around the filesystem are sufficient to protect this information.

We humbly disagree.

Rooted devices get around the system controls that protect these secret keys. So would any malware that performed a privilege escalation exploit. And most importantly, backups of the phone (using a tool such as Titanium Backup) contain these secret keys in the clear. (Note: Google’s built-in capability for backing up Android devices excludes this file from backups.)

In my opinion, you don’t want these secret keys to be that easy to obtain. The easy answer would be to ensure Google Authenticator encrypted its internal database. Unfortunately, more than 1/3 of Android devices in the marketplace are running Android 2.x or older, meaning they don’t have any ability for storage encryption. Newer devices have the capability, but it is up to the individual to enable it. (Unlike the iPhone, which since iOS4 has had encrypted storage available for apps to take advantage of.)

Authy (see earlier post), by contrast, always encrypts the secret keys in storage. As mentioned earlier, since many Android devices do not have native storage encryption, Authy had to devise their own method to do this encryption in storage. According to Authy:

Encryption is a simple AES-256 using certain parameters of your phone as a key and some secrets stored in the Authy Binary. This is not bullet-proof and we know it. A good determined attacker can break this encryption. But it was only designed to prevent someone getting access to your computer backups or simple malware stealing your data to get your keys, for that it works great.

Authy understood that this was an important fact to consider and did what was possible to help protect the information on phones. And most impressively, they realize that it is not bullet-proof. It is meant to improve the state of the art, and decrease the chance of a leak of anyone’s secret key.

I wish that Google had decided otherwise with their Authenticator app. In the meantime, consider me an Authy user.

Posted August 5 2013

Mobile Security Battle Royale

Last week at the RSA Conference I had the opportunity to attend the “Mobile Security Battle Royale”, featuring a great panel of experts on mobile phone security. Moderated by Zach Lanier, the panel featured Tiago Assumpção and Collin Mulliner paired off against Charlie Miller and Dino Dai Zovi (co-authors of iOS Hacker’s Handbook).

As many great panels typically do, this panel featured no slides and no set talking points. Instead, Zach asked the panel some great questions to just get the ball rolling, and the panel started firing off great quotes left and right. I got busy live-tweeting the session and got (and re-tweeted) a few great quotes from many of the panel members which I have embedded below.

One of the recurring themes was “which is better”, comparing iOS to Android. BlackBerry/RIM got a few mentions as well since Tiago worked for RIM for a long time. The panelists did not come to any final conclusion; all the platforms have their benefits and their drawbacks. However, as a “battle royale”, there was a certain amount of desire from the moderator and the audience to declare a winner. My belief is that iOS is currently ahead, but the battle is close. I’d tip my hat toward iOS at this time for two reasons. First, it is slightly more expensive and difficult to get an app into the Apple App Store than Google Play, which makes things slightly more difficult for malware developers. Second, Apple iOS devices are generally running the latest version of the operating system, unlike the fractured Android ecosystem, which has over half of its active devices running multiple major revisions behind.

Enjoy these quotes (paraphrased a little, I don’t have an eidetic memory) from this great panel discussion. I look forward to the rematch at next year’s conference.

Posted March 5 2013

Product Review: The hiddn Crypto Adapter Offers Secure USB Storage

Recently I had the chance to test out a clever little device called the hiddn Crypto Adapter. Made by Norway-based High Density Devices, the adapter looks somewhat like a miniature desk calculator with a USB port instead of a display, but its simple appearance belies some powerful functionality: transparent, real-time encryption of USB drives with two-factor authentication.

The adapter essentially acts as a proxy between your computer and a USB drive, meaning it needs no software, has no operating system requirement, and works with everything from a flash memory stick to an external hard drive. All communication with the USB device is encrypted on the fly using 256-bit AES via a certified FIPS 140-2 Level 3 crypto module, but the key isn’t stored on the drive: at the front of the hiddn adapter is a smart card slot.

When you insert a smart card, you have to enter the corresponding PIN code to use it. (After three unsuccessful attempts, the card becomes locked until a longer PUK code is given.) The device does not appear as an active USB device in the OS until a card is verified, and becomes “unplugged” when the card is removed. The encryption key (or half of it in split-key mode) stays on the smart card, making an encrypted drive unusable without it.

Setting up and operating the hiddn system is very straightforward. You connect it to your computer with a USB cable, plug a drive into the top USB port, insert your smart card, and then enter your PIN. From there, the experience is no different than using a USB drive normally – there’s not even a difference in speed.

When I first connected an unencrypted drive on a Windows machine, it appeared as an unformatted drive. After formatting, it behaved just as it would when plugged in directly. (A few times I had to reconnect the adapter to get Windows to recognize a new drive if I didn’t “eject” the drive first or tried a bad PIN, but those were minor issues.) Trying to use the drive without the hiddn adapter after it had been encrypted brought up another prompt to format – Windows could tell there was a volume, but it was completely unreadable.

After using the hiddn Crypto Adapter for a short time, I started wondering why no one else had thought of it before – or at least why I’d never heard of it before. It’s a great tool for anyone wanting a no-hassle method to encrypt removable storage. The only potential drawback is pricing; two adapters and two sets of pre-configured smart cards can run almost $900. High Density Devices offers a few different packages of units and cards, ranging from one of each to ten, as well as an enterprise key management system for creating new cards. But while some users may find hiddn too expensive for personal use, its flexibility, ease-of-use, and high security make for a combination that’s hard to beat.

Posted June 2 2011

Whose hands are your mobile apps in?

Another iPhone killer is here. DROID. Whether you’re a fan of either product, or you’re still thumbing away on your Blackberry or WinMo device, there’s one thing to be said. There are plenty of apps now. A couple years ago it was a pretty daunting task to get any sort of application on your device that wasn’t already on your carrier’s supported list. WinMo users have been the only real open crowd here as every version of Windows Mobile has supported most of the older apps since the Windows CE days. But with the rise of more and more applications comes the rise of the risks associated with these applications.

Posted November 13 2009

AVC Advantage Attack

Questions about the trustworthiness of electronic voting machines have been in the news a lot over the last few years. Plenty of people acknowledge the potential for abuse of these machines, and discussions of how they can be used to swing elections are pretty common. A trait these discussions share is that they rely on hypothetical scenarios, or on instances where an attacker would need some kind of esoteric or insider knowledge about the hardware and/or software running the machine to mount an effective attack.

However, I recently came across a video detailing a real attack against a real voting machine, carried out by real engineers, using real tools and data, and showing very real results.

The Sequoia AVC Advantage, a pretty old piece of electronic voting equipment, was broken pretty badly by hardware reverse engineering and return-oriented programming. The following video shows how it was done by a team of computer scientists and engineers from the University of California, San Diego, the University of Michigan, and Princeton University:

More about the attack details here.

What’s really interesting is the ease in which they were able to get a voting machine to play with in the first place. They didn’t steal one or bribe a government worker. Instead, they bought 5 of them… online… from a government surplus auction for less than $20 a pop. Craziness… especially considering some states still use these same machine models. A few months later and these guys have a well-structured attack that can swing the vote any way they want.

This just goes to show how thin the line is between hypothetical voting machine attacks carried out by insiders with special knowledge and real voting machine attacks carried out by smart people with a couple of dollars and some spare time on their hands.

Posted August 14 2009

Laptop Losses By The Numbers

A recent study on lost laptops by Dell and the Ponemon Institute shows how important data protection and encryption are, especially for portable devices. Here are some of the findings.

  • 12,000 laptops are lost in US airports each week.
  • 65-70% are never reclaimed.
  • 53% carried sensitive corporate information.

Guess how many of those machines were protected with encryption.

You can read the entire report [pdf] and find out on page 7.

Posted August 7 2009