Risk
7/8/2013
11:48 AM
50%
50%

Encrypted IM Tool Vulnerable To Eavesdropping

Bugs in instant messaging encryption tool Cryptocat left users' group chats vulnerable to eavesdropping for over a year, says security researcher.

Even so, the developers said they'd revamped their messaging to would-be users. "We've added a new, more visible warning about Cryptocat's experimental status to our website!" the group tweeted Sunday. Likewise, the website where the software may be downloaded sports the following warning: "Cryptocat is not a magic bullet. You should never trust any piece of software with your life, and Cryptocat is no exception."

Thomas acknowledged that the developers' fix corrected the problem his DecryptoCat tool exploits. "For Cryptocat version 2.0.42 this will take 1,000 computer-years to generate [cracked keys], 500 computer-years on average to use, and 40 petabytes to store," he said. "So the only ones capable of doing this are large companies and governments."

Is Cryptocat now safe to use? In fact, Thomas said his bug report wasn't meant to be exhaustive, and warned against relying on the application for encrypted communications. "I'm sure there are plenty of bugs and other bad crypto in other parts because I only looked at random generation and found a bug, at public key algorithm and found a bug, and quickly looked where random is used and found something scary, and random (BigInt.randBigInt) used in two-party messaging and found a bug," he said.

The exploitable Cryptocat vulnerabilities are notable, given that interest in using encrypted communications tools has been growing in the wake of leaks by former National Security Agency (NSA) contractor Edward Snowden, who revealed the existence of numerous NSA data and metadata-interception programs.

But ensuring that communications can't be intercepted depends in large part on the applications not including exploitable vulnerabilities or bugs. For example, Bruce Schneier, chief security technology officer of BT, Monday detailed four techniques for protecting communications against snooping: use vulnerability-free applications, choose secure passwords, manage those passwords securely and know the threat you're facing.

Although Schneier's advice pertained to securing email, it also applies to chat -- and it's notable that the first tip is to use applications that don't include vulnerabilities. His reasoning is simple: No matter how great the cryptography used by an application, if someone wants to intercept messages sent using that application, they're going to first see if "breaking the engineering" might suffice. In the case of Cryptocat, prior to the patch, that would have been the case.

Then again, according to leaked NSA docs, the agency is legally allowed to retain encrypted communications indefinitely, meaning that simply by using an application such as Cryptocat, people might already be putting themselves at greater risk of having their communications intercepted and studied. Thus, anyone who used a vulnerable version of Cryptocat might have had their encrypted communications stored. With Thomas' bug information in hand, decrypting those messages would now be a trivial task.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.