Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

04:30 PM

The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy

Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.

BY DAWN KAWAMOTO AND SARA PETERS — This week started off with a bang when the KRACK key reinstallation attack vulnerabilities upended the security of Wi-Fi and the ROCA factorization bug made all trusted platform module chips suddenly less trustworthy. That isn't all the week had in store for the cryptography world, though.

Here's a rundown on the latest news on KRACK, ROCA, and the news you might have missed about SSH and encryption backdoor regulation.

SSH Keys Being Scanned by Attackers and Ignored by Security
SSH (Secure Shell) got a little jolt this week, as well. Wordfence, a security service for WordPress, discovered a threat actor scanning up to 25,000 systems a day looking specifically for vulnerable private SSH keys. The attacker is specifically scanning for terms like "ssh," "root," and "id_rsa," which might lead to a directory of private keys that was stored in the wrong place.

The rate of scanning for SSH keys from known-malicious IPs has continued at the same rate since Monday; roughly 25,000 systems per day, "which jumped up from just about zero," according to Mark Maunder, CEO and founder of Wordfence.

In response, Wordfence is helping users determine if they have publicly exposed private SSH keys by adding this capability to their Gravity Scan service to users. Maunder says that users must prove site ownership before Gravity Scan will provide vulnerability details.

SSH is a ubiquitous but often overlooked cryptographic network protocol created largely as a secure alternative to telnet and rsh/rsec. It's used for secure remote logins to remote computer systems and secure file transfer; it's used not only for WordPress but across admin-to-machine and machine-to-machine communications in all manner of Linux- and Unix-based systems. 

[Don't miss "Preventing Lateral Movement in Your IT Environment" with John Terrill, CISO of OPAQ Networks, at Dark Reading's upcoming INsecurity conference, Nov. 29-30 in the D.C. area.]

So far, Wordfence has not seen any active exploits as a result of this SSH key hunt. Maunder says that problems like this are often a result of users accidentally placing private keys in the wrong place because they don't know it's a risk. "It's really an education problem," says Maunder. 

In a survey released Tuesday, conducted by Dimensional Research on behalf of Venafi, 90% of respondents conceded that they do not have a complete and accurate inventory of all their SSH keys, "so there is no way to determine if keys have been stolen, misused or should be trusted," according to researchers.

The author of SSH, Tatu Ylonen, has himself lamented organizations' woeful management of SSH keys and has suggested improvements to his protocol to eliminate problems like the proliferation of rogue keys. For now, though, respondents to Venafi's study continue to commit the key management sins that SSH experts warn against. Forty percent of respondents do not rotate SSH keys at all, or only occasionally; 61% do not limit or monitor the number of administrators who manage SSH; 54% do not limit the locations from which SSH keys can be used (thereby making remote attacks easier); and 51% do not enforce "no port forwarding" rules (thereby effectively allowing users to bypass firewalls).

The Impact of KRACK
Key Reinstallation Attacks (KRACKs), which affect all modern Wi-Fi devices and access points, are hitting Cisco particularly hard. The networking giant released Thursday an updated security advisory on KRACK, noting 71 of its products had at least one or more of the 10 vulnerabilities tied to KRACK.

For Cisco's customers using these products, there are currently no fixes available and only a workaround for one of the 10 vulnerabilities, the company notes.

"Cisco will release software updates that address these vulnerabilities. There is a workaround that addresses the vulnerability in CVE-2017-13082. There are no workarounds that address the other vulnerabilities described in this advisory," the company stated.

In addition to the 71 products that are vulnerable to KRACK, Cisco has another 22 products it is actively investigating to determine if they are also at risk, the company notes.

Earlier this week, researchers at a Belgium university discovered the KRACK vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol that is used to secure Wi-Fi networks. These vulnerabilities can be exploited to allow attackers to decrypt data and information, hijack traffic, and other nefarious activities as the data and information moves across Wi-Fi networks.

The WPA2 encryption protocol flaws also have industry titans Microsoft, Apple, and Google hustling to develop patches for their devices, as TechCrunch reports.

Microsoft has a patch out for its Windows 7, Windows 8, Windows 8.1, and Windows 10 devices, but Apple is working to roll out a fix to customers and currently has a beta version of macOS, iOS, tvOS, and watchOS available for download, notes TechCrunch.

And while exact figures on the number of users who are affected by these KRACK vulnerabilities are not available, it would not be hard to envision millions of users could potentially be affected given the omnipresence of WPA2 encryption protocols in Wi-Fi devices.

The Electronic Frontier Foundation (EFF) released a few calming observations. One is that any attack would need to have an active antenna within range of the targeted wireless network and would require the interception and delay of many packets traveling on the Wi-Fi networks. The EFF states it's a complex task to trick a device and reset its encryption key as packets are actively being broadcast. Additionally, sensitive Wi-Fi traffic would not be affected by the WPA2 vulnerabilities if the site is encrypted with HTTPS.

European Commission Discusses Encryption
The European Commission this week revisited the topic of encryption backdoors. The EC seemed to subtly say no to backdoors when releasing the statement that it would support law enforcement when it encountered encryption "without weakening encryption at a more general level or affecting a large or indiscriminate number of people." However, its set of proposals to enhance law enforcement's ability to obtain the electronic evidence it desires include "to support Europol to further develop its decryption capability." It also stated that "in early 2018, the Commission will present proposals to provide for a legal framework to facilitate access to electronic evidence." (Emphasis not added.)

ROCA Rocks
Another crypto vulnerability revealed this week includes The Return of Coppersmith's Attack (ROCA). 

The ROCA flaw is found in the PC motherboard chipset inside Infineon Technology's Trusted Platform Module, which is used to store encryption keys, passwords, and certificates, reports Kaspersky's Threatpost.

When an RSA encryption key is generated, a remote attacker uses the value of a public key to compute the private key by crunching the numbers through practical factorization, according to researchers with the Centre for Research on Cryptography and Security at Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, United Kingdom, and Ca' Foscari University of Venice, Italy. These researchers discovered the vulnerability.

Once the private key has been compromised, attackers can impersonate the legitimate owner, decrypt sensitive messages, engage in signature forgery, and other attacks, according to a blog post by the researchers.

The researchers discovered the flaws when inspecting a large number of RSA keys that were generated and exported from the manufacturer of smartcards. The group notified Infineon Technologies of the vulnerability in February and also reached out to other affected parties, such as, Microsoft, Google, HP, Lenovo, and Fujitsu, which have since released updates.

"We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP," the researchers stated. "The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable."

Researchers noted Friday that "Gemalto IDPrime .NET smart cards have been generating weak RSA keys since 2008 or earlier." You can check if keys are vulnerable here.

Related Content:


Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.


Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-07
The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, C...
PUBLISHED: 2021-05-07
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK v...
PUBLISHED: 2021-05-07
Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipar...
PUBLISHED: 2021-05-07
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance.
PUBLISHED: 2021-05-07
LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.