Risk
7/8/2013
11:48 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Encrypted IM Tool Vulnerable To Eavesdropping

Bugs in instant messaging encryption tool Cryptocat left users' group chats vulnerable to eavesdropping for over a year, says security researcher.

Even so, the developers said they'd revamped their messaging to would-be users. "We've added a new, more visible warning about Cryptocat's experimental status to our website!" the group tweeted Sunday. Likewise, the website where the software may be downloaded sports the following warning: "Cryptocat is not a magic bullet. You should never trust any piece of software with your life, and Cryptocat is no exception."

Thomas acknowledged that the developers' fix corrected the problem his DecryptoCat tool exploits. "For Cryptocat version 2.0.42 this will take 1,000 computer-years to generate [cracked keys], 500 computer-years on average to use, and 40 petabytes to store," he said. "So the only ones capable of doing this are large companies and governments."

Is Cryptocat now safe to use? In fact, Thomas said his bug report wasn't meant to be exhaustive, and warned against relying on the application for encrypted communications. "I'm sure there are plenty of bugs and other bad crypto in other parts because I only looked at random generation and found a bug, at public key algorithm and found a bug, and quickly looked where random is used and found something scary, and random (BigInt.randBigInt) used in two-party messaging and found a bug," he said.

The exploitable Cryptocat vulnerabilities are notable, given that interest in using encrypted communications tools has been growing in the wake of leaks by former National Security Agency (NSA) contractor Edward Snowden, who revealed the existence of numerous NSA data and metadata-interception programs.

But ensuring that communications can't be intercepted depends in large part on the applications not including exploitable vulnerabilities or bugs. For example, Bruce Schneier, chief security technology officer of BT, Monday detailed four techniques for protecting communications against snooping: use vulnerability-free applications, choose secure passwords, manage those passwords securely and know the threat you're facing.

Although Schneier's advice pertained to securing email, it also applies to chat -- and it's notable that the first tip is to use applications that don't include vulnerabilities. His reasoning is simple: No matter how great the cryptography used by an application, if someone wants to intercept messages sent using that application, they're going to first see if "breaking the engineering" might suffice. In the case of Cryptocat, prior to the patch, that would have been the case.

Then again, according to leaked NSA docs, the agency is legally allowed to retain encrypted communications indefinitely, meaning that simply by using an application such as Cryptocat, people might already be putting themselves at greater risk of having their communications intercepted and studied. Thus, anyone who used a vulnerable version of Cryptocat might have had their encrypted communications stored. With Thomas' bug information in hand, decrypting those messages would now be a trivial task.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web