
As Governments Work to Ban Encryption, Cracks in Secret Encryption Become Public

While legislators in a variety of countries are trying very hard to ban encryption, vulnerabilities in existing encryption implementations are surfacing.

While none of the proposed encryption bans have become law yet in the U.S., that doesn't mean people aren't trying.

More importantly, companies have for years thought that security by obscurity is a good security strategy.

That is true, but likely only for the hacking community: attackers have no incentive to share the vulnerabilities they find so that vendors can fix the bugs.

What we, in fact, need is more encryption and more public encryption.

The US federal government, which is responsible for standardized encryption algorithms, has been very publicly vetting the next generation of post-quantum crypto. After getting snookered by the NSA's "help" last time, people are looking even harder for backdoors in these new algorithms.

Speaking of backdoors, the encryption used in the TETRA radios relied on by first responders and critical infrastructure around the world has been one of these "secrets" for years now. Because of the secrecy, researchers have not, until now, examined the security of these solutions. The use of secret, proprietary crypto has allowed communications in a wide array of radio systems, such as GSM, GMR, GPRS, DMR and P25, to be cracked. P25 is the standard used by most law enforcement in the United States.

The Midnight Blue researchers got a grant to check out the security of TETRA. They found five bugs, one of which reduces the 80-bit key size (which is really not strong enough anyway) to something that can be brute-forced on consumer hardware in minutes.

According to the researchers, the TEA1 encryption algorithm seems to be reasonably secure, except for one computational step that was added and that serves no purpose other than to reduce the encryption's effectiveness to a point where almost anyone can crack it. The parallel is with the way the NSA "helped" NIST with the last-generation US encryption standard (by paying off RSA to be their front and offer a weakened elliptic curve key that they could break). Likely 99% of the law enforcement and critical infrastructure operators that use TEA1-based encryption did not know, until now, that their communications are not private.
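To make concrete what a single added "reduction" step does to a cipher, here is a constructed toy. This is an added example, not code from the researchers, the TETRA standard or the post; the keystream generator is SHA-256 in counter mode rather than TEA1, and the reduce_key step and its 16-bit output size are hypothetical (the post does not state the real reduced size; 16 bits is chosen so the search finishes in seconds). The point it shows: once the 80-bit key is collapsed to a small value and only that value drives the keystream, a few bytes of predictable plaintext (message framing, for instance) are enough to search the reduced space, and the recovered value then decrypts everything else sent under that key. The nominal key length never mattered.

```python
"""Toy demonstration of how an added key-reduction step collapses a cipher's
real strength. Constructed example: SHA-256 counter-mode keystream, NOT TEA1,
and a hypothetical reduction step. Nothing here models the actual standard.
"""
import hashlib
from typing import Optional

FULL_KEY_BITS = 80      # nominal key size mentioned in the post
REDUCED_KEY_BITS = 16   # HYPOTHETICAL effective size, chosen so the search is fast


def reduce_key(key: bytes, bits: int) -> bytes:
    """The hypothetical 'extra step': maps the full key onto 2**bits values.

    Everything downstream depends only on this output, so the cipher's real
    strength is `bits`, whatever the nominal key length. The value is stored
    in four bytes so that guesses and real outputs compare byte-for-byte.
    """
    assert len(key) * 8 == FULL_KEY_BITS, "expects an 80-bit key"
    digest = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return (digest & ((1 << bits) - 1)).to_bytes(4, "big")


def keystream(effective_key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(effective_key || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(effective_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption; decryption is the same operation."""
    effective = reduce_key(key, REDUCED_KEY_BITS)
    return xor(plaintext, keystream(effective, len(plaintext)))


def recover_effective_key(known_plaintext: bytes, ciphertext: bytes,
                          bits: int) -> Optional[bytes]:
    """Known-plaintext search over the REDUCED space only (2**bits guesses).

    Returns the effective key, which is all that is needed to read the rest
    of the traffic; the original 80-bit key is never recovered and never
    needed. With 80 real bits this loop would be hopeless.
    """
    target = xor(known_plaintext, ciphertext[: len(known_plaintext)])
    for candidate in range(1 << bits):
        guess = candidate.to_bytes(4, "big")
        if keystream(guess, len(target)) == target:
            return guess
    return None


# Constructed sample traffic: a fixed 80-bit key and a message whose first
# 16 bytes are assumed to be predictable framing (the known plaintext).
SAMPLE_KEY = bytes.fromhex("00112233445566778899")
SAMPLE_MESSAGE = b"STATUS 0815 ALL UNITS NORMAL, CHANNEL 3 CLEAR"
KNOWN_PREFIX_LEN = 16


def demo() -> tuple:
    """Encrypt the sample, recover the effective key from the known prefix,
    and decrypt the whole message with it. Returns (effective_key, plaintext)."""
    ct = encrypt(SAMPLE_KEY, SAMPLE_MESSAGE)
    effective = recover_effective_key(SAMPLE_MESSAGE[:KNOWN_PREFIX_LEN], ct,
                                      REDUCED_KEY_BITS)
    recovered = xor(ct, keystream(effective, len(ct)))
    return effective, recovered


if __name__ == "__main__":
    eff, msg = demo()
    print("effective key:", eff.hex(), "(searched 2**%d values)" % REDUCED_KEY_BITS)
    print("recovered    :", msg.decode())
```

The search cost is 2**REDUCED_KEY_BITS keystream evaluations regardless of the 80-bit input, which is the whole lesson: a reduction step is a design decision that sets the real key size, and a closed specification is what lets such a step go unexamined for years.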

The researchers waited 18 months before they disclosed their research and they will speak at Black Hat next month. Hopefully a few of the systems will be patched by then, but I suspect that the vast majority will never be fixed.

Consider this.

Assuming nation-state actors were not aware of this weakness before (WHICH IS HIGHLY UNLIKELY), they are now. If they were to get in the middle of a communications flow for, say, a gas pipeline or a railroad switch signaling network, not only could they decrypt the messages, but since they would have the encryption key and the ability to read messages in real time, they could inject their own commands that could, for example, reroute trains onto the same track or blow up a gas pipeline. We have already seen the Russians do both of these in the past, and the Department of Energy's Idaho National Labs did a demonstration of how to blow up a 1 million watt generator by interfering with the command flow (the video is on YouTube; search for Project Aurora).

Unfortunately, most legislators don't really understand encryption, or even technology in general, so I would not look for them to do anything but make things worse.

Credit: The Register
