When a researcher begins looking for a vulnerability, going for the invisible is good -- and if you can find something visible in the biggest social media platform on earth, so much the better. That's what Paul Grubbs, a Ph.D. candidate in computer science, did when he began exploring abuse of the reporting protocol used for Facebook "secret conversations."
Grubbs says that, internally, Facebook calls the messages within Messenger "salamanders." The secret messages were those related to Facebook's abuse reporting system, which could become lost within the Messenger stream. The vulnerability he found revolved around these salamanders that became invisible through a cryptographic flaw. And, as he and others discovered, invisible salamanders weren't limited to Facebook.
Grubbs points out that true cryptographic flaws are quite uncommon. Instead, according to a maxim in the cryptographic world, "Cryptography is never actually broken in practice, it's always bypassed," he says. "And I find that that's generally pretty true. Genuine cryptographic flaws are comparatively rare."
In the case of the invisible salamander vulnerability, the encryption algorithm itself is vulnerable, and Grubbs says that the mathematics required to exploit the vulnerability is relatively simple. How simple?
"I will say that somebody with most of an undergraduate degree in mathematics can do these attacks and understand them," Grubbs says.
While it's important to understand the principles behind modern encryption methods, Grubbs says, it's more important for security professionals to be wary of treating the encryption piece of the cybersecurity architecture as a perfect black box.
"In some settings that black box kind of doesn't act, well, like a black box," he says. "Sometimes it leads to vulnerabilities, but it always leads to something unexpected, which in security is definitely something you want to avoid."
One such "unexpected" result comes in authenticated encryption schemes -- the kind found sitting at the heart of most secure transport protocols. Grubbs says we often think of these as being like physical lockboxes, where we put messages in and lock them up. If an adversary finds the lockbox, they lack the key to let them look inside. Simple enough.
But Grubbs says that modern schemes are more like boxes that can be unlocked to reveal several different messages, depending on which key you use to unlock them. And this advanced application makes it more likely that a flaw in the encryption algorithm can be exploited.
The cryptographic vulnerability Grubbs found is a "latent vulnerability," he says, with an issue intrinsic to the algorithm. "It's an implementation that isn't necessarily vulnerable as it's being used now," he says. "But if somebody were to use it in a different way or apply it to a new system or a new protocol, then it would become vulnerable."
"[Today] the symmetric, authenticated encryption schemes that people are likely to use, that are likely to be available in libraries, aren't suitable for many threat models," Grubbs says. "And people need to be aware that there are severe attacks that can result from misusing authenticated encryption schemes that are widely available."
Grubbs will provide more details of his research and the vulnerabilities discovered in his Black Hat Briefing, "Hunting Invisible Salamanders: Cryptographic (in)Security with Attacker-Controlled Keys," on Thursday, August 6, at 12:30 p.m. PDT.