Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

7/23/2020
10:30 AM
Curtis Franklin Jr.
Curtis Franklin Jr.
Edge Articles
50%
50%

Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness

A Black Hat presentation will discuss how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages.

 

When a researcher begins looking for a vulnerability, going for the invisible is good -- and if you can find something visible in the biggest social media platform on earth, so much the better. That's what Paul Grubbs, a Ph.D. candidate in computer science, did when he began exploring abuse of the reporting protocol used for Facebook "secret conversations."

Grubbs says that, internally, Facebook calls the messages within Messenger "salamanders." The secret messages were those related to Facebook's abuse reporting system, which could become lost within the Messenger stream. The vulnerability he found revolved around these salamanders that became invisible through a cryptographic flaw. And, as he and others discovered, invisible salamanders weren't limited to Facebook.

Grubbs points out that true cryptographic flaws are quite uncommon. Instead, according to a maxim in the cryptographic world, "Cryptography is never actually broken in practice, it's always bypassed," he says. "And I find that that's generally pretty true. Genuine cryptographic flaws are comparatively rare."

In the case of the invisible salamander vulnerability, the encryption algorithm itself is vulnerable, and Grubbs says that the mathematics required to exploit the vulnerability are relatively simple. How simple?

"I will say that somebody with most of an undergraduate degree in mathematics can do these attacks and understand them," Grubbs says.

While it's important to understand the principles behind modern encryption methods, Grubbs says, it's more important for security professionals to be wary of treating the encryption piece of the cybersecurity architecture as a perfect black box.

"In some settings that black box kind of doesn't act, well, like a black box," he says. "Sometimes it leads to vulnerabilities, but it always leads to something unexpected, which in security is definitely something you want to avoid."

One such "unexpected" result comes in authenticated encryption schemes -- the kind found sitting at the heart of most secure transport protocols. Grubbs says we often think of these as being like physical lockboxes, where we put messages in and lock them up. If an adversary finds the lockbox, they lack the key to let them look inside. Simple enough.

But Grubbs says that modern schemes are more like boxes that can be unlocked to reveal several different messages, depending on which key you use to unlock them. And this advanced application makes it more likely that a flaw in the encryption algorithm can be exploited.

The cryptographic vulnerability Grubbs found is a "latent vulnerability," he says, with an issue intrinsic to the algorithm. "It's an implementation that isn't necessarily vulnerable as it's being used now," he says. "But if somebody were to use it in a different way or apply it to a new system or a new protocol, then it would become vulnerable."

"[Today] the symmetric, authenticated encryption schemes that people are likely to use, that are likely to be available in libraries, aren't suitable for many threat models," Grubbs says. "And people need to be aware that there are severe attacks that can result from misusing authenticated encryption schemes that are widely available."

Grubbs will provide more details of his research and the vulnerabilities discovered in his Black Hat Briefing, "Hunting Invisible Salamanders: Cryptographic (in)Security with Attacker-Controlled Keys," on Thursday, August 6, at 12:30 p.m. PDT.

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Johannes Bauer
50%
50%
Johannes Bauer,
User Rank: Author
7/23/2020 | 1:27:51 PM
The difficulty of cryptographic constructions
The story sounds quite intriguing. I agree with the author that it's usually not cryptographic primitives that fail, but instead constructions, protocols and/or implementations. Similar to how authentication is secure, block ciphers are secure, but authenticate-then-encrypt might give way to padding oracle attacks.

In the text and linked BlackHat synopsis, the author describes how multiple messages under an AEAD scheme like AES-GCM can be decrypted successfully by multiple keys. I'd say it is unsurprising they decrypt (any key will decrypt the message, just most of the messages would be garbage), but for the security properties of any AEAD construction to hold, the authentication tag should be invalid for the message afterwards. The text reads like the author may have found a way where in specific constructions this is not the case, so I am very excited to read more details about the attack.

The number one reason why I love applied cryptography. You never stop learning :-)

Best, Johannes
   OVER THE EDGE
Building Cybersecurity Strategies in Sub-Saharan Africa

Filmed for Dark Reading News Desk at Black Hat Virtual.

LAURA TICH: We have that imbalance, where the big organizations are more protected, where the smaller ones -- which are the most common businesses in the region -- they are least protected... Sometimes they do get the tools, they do get the funding to buy some critical tools, but there's a lack of skills to handle or people who understand how to work those tools. So there are a lot of factors that contribute to our growth -- or lack thereof -- in the cybersecurity industry.

 

Name That Toon: Tough Times, Tough Measures
Latest Comment: Wear a mask, please!
Flash Poll