This week we learned of the Superfish Adware preinstalled on Lenovo computers, which used a tool from Komodia.com to disable the security in SSL communications. It turns out that the use of Komodia’s package was more widespread than just Superfish, and there may be millions of computers out there vulnerable to attack by fake HTTPS web sites. Komodia offers a discount if you have more than one million installs per month! The attack is trivial and the details have now been published. You don’t even have to guess the top secret Komodia password, which turns out to be “komodia”. The Komodia.com web site is currently down due to a DDoS attack that many might consider well deserved.
SSL encrypts communications between the browser and the host, using a signed certificate. In order to guarantee the web site you are talking to is the real BankAmerica.com and not a fake with a fraudulent certificate, reputable sites get their certificates from a trusted certificate authority. Your browser will have a list of these trusted authorities, and will notify you if it sees a certificate which has been issued by anyone else. Superfish wants to intercept this encrypted communications so that they can replace the display ads that the web site publisher is getting paid for with ads that they are getting paid for. Apart from being theft of revenue from the web site publisher, to do this they have to decrypt the SSL communications. However, to trick the browser into thinking that it is still taking part in an SSL communication, the messages is re-encrypted using a Komodia key, which has been added to the list of trusted keys by the Superfish installation process.
This is not a new technique. Many corporate firewalls do something similar at the boundary of a corporate network in order to scan for malware or detect data exfiltration. It is possible to do this in a way that is reasonably secure. However, the Komodia implementation is flawed in a couple of basic ways that open up huge vulnerabilities. First of all they use the same certificate on all computers, and it is protected with weak password. That means that anyone else can take that certificate and use it to guarantee the integrity of a fake web site that pretends to be a bank or online merchant. Any computer with Superfish installed will trust that site because it has been told to trust the Komodia certificate. This technique can also be used to take the SEC out of DNSSEC and remove the P from VPN. Secondly, Superfish does not always issue warnings properly when it sees a untrusted certificate, if the web site domain is listed in the alternative name field of the certificate. You don’t even need to guess the Komodia password to exploit this vulnerability.
To test if you are vulnerable to the second attack, click here and if you get a warning, your computer is not compromised. If it is, Lenovo has issued a Superfish removal tool which you should use right away.
Another software package has just been discovered which introduces a similar vulnerability, PrivDog created by Melih Abdulhayoglu. Abdulhayoglu is the CEO of certificate authority Comodo, who really ought to know better than accept self signed certificates without a warning. There are probably more to come as security researches start investing more apps for self signed certificates. However, abuse of the chain of trust is nothing new. Until Android release 4.4 it was possible for apps using self signed certificates to appropriate special powers granted to trusted certificates on the Android signed by major developers such as Adobe and inject code into other applications.
The Superfish/Komodia story comes on top of the revelations that the NSA has obtained the root certificate for almost every phone SIM card in the world, enabling them to listen in on encrypted 3G and 4G mobile communications. Just before that Kaspersky revealed the “Equation Group” (also probably the NSA) have developed and distributed amazingly sophisticated and persistent malware that can infect airgapped computers by memory stick and survive even a hard disk reformat by compromising the hard drive firmware. Now that the possibility has been established I expect to see other nation states doing this within a year or two and criminal malware within three or four years.
It’s clear from all this that Internet security is fundamentally broken. It is all too easy for a determined attacker to compromise almost any system or intercept almost any communications, or for a company to open up a huge vulnerability on millions of devices simply through carelessness. Depending on your allegiance and political beliefs you may believe that it is OK for the NSA or GCHQ to have unlimited access to international and even domestic communications. However, the techniques that they use to monitor the Internet will eventually become available to others, either by direct leaks or by discovery and reverse engineering. If the NSA can do this, then pretty soon so will the Russians, the Chinese, and eventually even the Nigerian Yahoo Boys.
Last night I watched Citizenfour, the Oscar winning documentary about Edward Snowden. One of the things it revealed was the remarkable lengths that Snowden and the journalists reporting his story had to go to maintain secure communications. At one point in the movie, Snowden drapes a blanket over his head and keyboard while entering a password, in case there is a video camera planted in his hotel room.
It may seem like paranoia, but in fact that is the sort of measure that we have to take these days to protect our privacy from all comers.
In 1956, Isaac Asimov wrote a science fiction story called The Dead Past, in which a powerful government attempts to suppress use of a machine that can view the past. When a rogue scientist invents a home version of the machine it turns out that the government was doing this to prevent the machine being used to spy on people, as it has the power to look anywhere in the world as little as one second in the past. By the time the this is revealed, the plans have already been released.
Araman stood up. “We’ll try, Potterley, but I agree with Nimmo. It’s too late. What kind of a world we’ll have from now on, I don’t know, I can’t tell, but the world we know has been destroyed completely. Until now, every custom, every habit, every tiniest way of life has always taken a certain amount of privacy for granted, but that’s all gone now.”
He saluted each of the three with elaborate formality.
“You have created a new world among the three of you. I congratulate you. Happy goldfish bowl to you, to me, to everyone, and may each of you fry in hell forever. Arrest rescinded.”