Risk
7/8/2013
11:48 AM
50%
50%

Encrypted IM Tool Vulnerable To Eavesdropping

Bugs in instant messaging encryption tool Cryptocat left users' group chats vulnerable to eavesdropping for over a year, says security researcher.

Even so, the developers said they'd revamped their messaging to would-be users. "We've added a new, more visible warning about Cryptocat's experimental status to our website!" the group tweeted Sunday. Likewise, the website where the software may be downloaded sports the following warning: "Cryptocat is not a magic bullet. You should never trust any piece of software with your life, and Cryptocat is no exception."

Thomas acknowledged that the developers' fix corrected the problem his DecryptoCat tool exploits. "For Cryptocat version 2.0.42 this will take 1,000 computer-years to generate [cracked keys], 500 computer-years on average to use, and 40 petabytes to store," he said. "So the only ones capable of doing this are large companies and governments."

Is Cryptocat now safe to use? In fact, Thomas said his bug report wasn't meant to be exhaustive, and warned against relying on the application for encrypted communications. "I'm sure there are plenty of bugs and other bad crypto in other parts because I only looked at random generation and found a bug, at public key algorithm and found a bug, and quickly looked where random is used and found something scary, and random (BigInt.randBigInt) used in two-party messaging and found a bug," he said.

The exploitable Cryptocat vulnerabilities are notable, given that interest in using encrypted communications tools has been growing in the wake of leaks by former National Security Agency (NSA) contractor Edward Snowden, who revealed the existence of numerous NSA data and metadata-interception programs.

But ensuring that communications can't be intercepted depends in large part on the applications not including exploitable vulnerabilities or bugs. For example, Bruce Schneier, chief security technology officer of BT, Monday detailed four techniques for protecting communications against snooping: use vulnerability-free applications, choose secure passwords, manage those passwords securely and know the threat you're facing.

Although Schneier's advice pertained to securing email, it also applies to chat -- and it's notable that the first tip is to use applications that don't include vulnerabilities. His reasoning is simple: No matter how great the cryptography used by an application, if someone wants to intercept messages sent using that application, they're going to first see if "breaking the engineering" might suffice. In the case of Cryptocat, prior to the patch, that would have been the case.

Then again, according to leaked NSA docs, the agency is legally allowed to retain encrypted communications indefinitely, meaning that simply by using an application such as Cryptocat, people might already be putting themselves at greater risk of having their communications intercepted and studied. Thus, anyone who used a vulnerable version of Cryptocat might have had their encrypted communications stored. With Thomas' bug information in hand, decrypting those messages would now be a trivial task.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-7839
Published: 2014-11-25
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

CVE-2014-8001
Published: 2014-11-25
Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

CVE-2014-8002
Published: 2014-11-25
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?