Slashdot Mirror
IBM Crypto Up For Grabs?
An Anonymous Coward writes: "BBC Newsnight have tonight shown an article about a groups of hackers who are about to release details of the vulnerability of the IBM Cryptographical processors. ( Details here.) The BBC article can be watched online here.
Alan Cox makes a starring role ;)" windowlicker adds some detail: "Mike Bond and Richard Clayton, from Cambridge University, have cracked
IBM's 4758 crytoprocessor running the 'Common Cryptographic Architecture' (CCA). You can do the same with $1000-worth of hardware
and the info from here. Many banks use this system for protecting PINs." The video file requires Real software; here's the BBC's article online for those of us without.
Did someone hack IBM's mainframe?
What kind of *.axe did they use?
If you're gonna release some shit for purely knowledge reasons, then why are you advertising your intention to release it before releasing it?
Knowledge is knowledge. If you want to propagate effective computer security, don't badger and pressure corporations to cow to your wishes with publicity stunts like this one.
Instead, just release the hole, and let the damage be done. The damage itself will be far more instructive to the company. It will also be a better influence on computer security as a whole -- damaging releases will, perhaps, induce large corporations to practice better preventative security.
Goat sex free since 2001
I wonder how far professional crypto freaks will go? I mean it's cool, it's forcing banks to keep up with security, but I wonder how long it'll be (if ever) before we hit a point where it's just too damned expensive to crack security?
The problem is the competitive nature of modern business. Despite what the hackers and libertarians may say, the home user has no real need of encryption - encryption is the technology of big government and big business. The home user does not need it for his emails to Aunt Beth and porn downloading, but Big Government and Megacorp(TM) most certainly do, for their official secrets and industrial espionage.
The development of encryption is rather like the development of weapons - it is at it's fastest in a cuthroat society of vicious competition.
If we really want secure communication, we must not treat the symptoms by encrypting, but rather effect a radical cure - we must render all motivations for evesdropping redundant.
How?
Simple. Just attack the basis of competitive society by encouraging greater global cooperation (some sort of 5th International?), smashing big business, nationalise the worst, most competitive industries leaving only the big, lumbering and safe monopolies to do their thing. This way, we reduce the competitive nature of modern society and consequently the technological encryption/decryption competitive paradigm.
It would be tough, but is eminently possible. We just need the will to power!
- Hardware encryption will always be more difficult than software-based encryption to patch when vulnerabilities arise. There are advantages that can offset this when deciding whether or not to go with hardware, but contingency plans must be put in place for yanking the hardware back when a vulnerability is discovered.
- Homogeneity in network environments is nearly always bad. This particular vulnerability wouldn't be nearly as critical if it weren't for the fact that all banks who use these cryptoprocessors either use the same ones or use ones that are similar enough that vulnerabilities like these can be used on more than one "different" type. It's much harder to crack one and then crack another and another than it is to crack one and have therefore cracked them all.
At least I have high hopes that this vulnerability will be patched forthwith -- not only does IBM have a better track record than certain other corporations, banks have both the money and the clout to demand and receive.but wouldn't it be funny if IBM contacted them and offered to purchase the info on the vulnerability, thus keeping it a secret? I've oft wondered if anything like this has every occurred. Software blackmail anyone?
I posted to
I'm watching the video right now, and its taken a bit of time to find out where this segment is on the bbc news.
So, for those of you who don't feel like jumping around the video for this segment, it starts at about 22 minutes in the broadcast.
That's where the money is!
sulli
RTFJ.
Then again... I guess you'd only need to be an insider at the phone company (or whatever company might be leasing a cable to a phone company) to exploit ATM transfers. You wouldn't need to be a bank employee (who undergo background checks, etc).
"Prepare for the worst - hope for the best."
Crypto is like the law...it's made to be broken!
Slashdot, the site where everything's made up and the points don't matter
Oh man, I can see it now
Banker's son: "Hey dad, I need a new computer. I hear Alteras are pretty good...."
I'm not too worried about this. An electronic fraud is something that can be reasonably gotten out of, its the *banks* fault if their system eats your money. (Admittedly, I haven't read the small print of my own bank, but hey, its not the article, anyway).
The big problem I have with my bank, however, is the location and layout of their ATM machines to begin with:
1) ATM's are built into the wall, rather than in any kind of nook. The line generally forms directly behind the user. (This isn't so much of a problem for e.g. drive through atms, as the bulk of the car is obscuring view of the transaction).
2) The buttons on the keypad are almost two inches across! I know they have to make them 'easy to use', and big happy buttons are important for that, I imagine... but having to move my entire hand around to enter the code makes it trivial to watch someone's movements...as opposed to normal sized buttons where what is being pushed is generally obscured by your hand itself.
3) This is a general problem. Cards are *inserted* rather than *swiped*, which makes it almost trivial for people to rig the machines to prevent the card from being returned. A card swipe, where the card never leaves my hand, would be infinitely preferred to leaving my bank card at the mercy of any hoodlum with a bottle of soap and a pair of pliers.
4) Apparently the ATM card I recieved is more than I asked for... it is also a credit card AND a debit card AND who knows what all else... if they acquire it they can run me down even if I don't have any money left in the account proper.
Ok granted they have hacked the hardware with a neato device that they built but.... Is it really practical as a hack, I was struck by the length of time it took to acomplish this hack in real time. Looks like three days total of the device attached to the machine. This is a VERY long time to try and hack something that is in a secure position. Also you have to get inside the bank undetected (either as an insider or as some sort of infiltrator) place the device out of sight (don't forget to hide the connections).
... about $20 right now. That's a lot of work in a high risk way to garner a very small amount of reward.
Frankly if you have gone that far why not just rob the vault? The money is right their. Ultimatly with this stealth run of encryption you have a bunch of PIN numbers.... Ok great but you don't have any of the cards or the card info that is needed even. Even if you some how extract the contents of the cards magnetic strip you still have to manufacture a card, then you have my pin number. Great now you can withdraw the total sum of my bank account which is
This is really not all that different than me saying I can crack a PCs bios password if I can get access to the physical machine and have a screwdriver. the amount of effort that precedes the hack negates the hacks effectiveness.
I applaud their inginuity, and I hope IBM buys the idea off of them as a handy tool to recover lost data, but if I was IBM I would not be in any big hurry to change all of this hardware.
Papa Legba come and open the gate
So they article says that this is really only exploitable by "insiders". At first I felt safe. "Well, at least my money is Federally protected". Then I got to thinking about it. How would I prove that I wasn't the one who used my PIN at an ATM (or several) to clear out my account? Anyone have an answer that can put my mind at ease?
(Not like I'm going to take all my money from the bank, and stuff it in a jar. Just idle thoughts of threat)
The news (I liked Real links) claims that development took 20 years, and that normal banking procedures would prevent this type of attack. But Alan Cox, of course, strongly suggests that publishing the algorithm behind the chip would have helped to avoid this calamity.
as is typical, the mechanism was broken not because of the crypto algorithm but because of the implementation.
"banks are vulnerable to a dishonest branch manager whose teenager has $995 and a few hours to spend in duplicating our work."
If you have a teenager who can hack FPGA's sufficiently well to brute force into a cash machine, you're really not going to have any problems making money in years to come. Either that or your problems are just beginning.
Dave
I write a blog now, you should be afraid.
This does'nt work so no point clicking on it.
The BBC are becoming slacker nowadays.
http://news.bbc.co.uk/olmedia/cta/progs/newsnig
dazdaz
They announced this at SOSP 18, 2 weeks ago. Perhaps being sequestered in alpine Canada made the information take a while to disseminate.
The kid from Terminator 2 did that with a hacked atari computer.
God spoke to me
I type my pin into my cordless phone,
to check my balance regularly.
So anyone could tap my phone,
or just use an AM radio.
But chances are it will never happen to me...
or they could face the evil hand of the DMCA like Dmitry Sklyarov did. I wonder what would happen if the crackers had come from america, or if ibm will try to take those guys to court to protect their encryption.
;)
on the other hand, it's already hit the net so it's a pratically public domain now
t.
"Corrupting our youth one mind at a time"
you couldn't hack your area code
Well its their heads under the DMCA 8)
No, especially when you need physical access to the machine with the card to do it. What is immoral is spending a year lolly gagging around about it and not fixing it..IBM that is.
Derek Greene
That reminds me of my highschool login system that accepted wildcards. Huh.
Regardless, this is not a widespread problem. It is a weak system and it was always a weak system. But it's not worth thieves' time to steal PINs yet (for the most part anyway) just because PINless credit card fraud is still so easy.
-CT
After breaking the encryption on bank accounts.
Where can I go to book tickets to Bermuda?
Go to http://www.bermuda-online.org/airlines.htm
Funny stuff.
It's a fool that looks for logic in the chambers of the human heart.
Until IBM fix the CCA software to prevent our attack, banks are vulnerable to a dishonest branch manager whose teenager has $995 and a few hours to spend in duplicating our work.
I like the tech about hacking the processor, very clever. The rest is better read as bad fiction. Chalk this one up under the anarchist cookbook. Sure you may be able too, but you'll get thrown into jail or blow off a limb.
"Get them before they get....
At least, not relevant for this particular story.
1) The hackers themselves say "Until IBM fix the CCA software to prevent our attack...". According to the experts here, the fix is a software patch, not a hardware change-out.
2) This particular vulnerability only needs access to any single IBM 4758 running IBM's ATM. It does not depend on a whole set of them working together. In fact, given that you only need one, increased heterogeneity would increase the overall chance that a given network/organization has one exploitable system somewhere (although it does indeed decrease the overall chance that ALL your elements are exploitable).
Slashdot is entertaining like pro wrestling is entertaining
If the US ever gets a working DNA computer, no encryption will will be safe. It's interesting, the DNA comuter would literally be a million monkeys. eventually they'll recreate shakespear, and with a dna computer, it will break all encription by massive parrelelism and brute force.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
So, yeah, it sucks that these people found a weakness that lets them guess key bits, but DES should have been tossed years ago. At least for 3DES, which doubles the effective key size. But isn't the AES standard finalized now?
Problem is, banks don't want to replace outdated hardware and networks, as long as their customers don't know they should be scared where their money is going.
Hate stupid software on freshmeat? Laugh at
Should their customers really be scared? How likely is it that the technology to do the hardware cracking is easily available? Not too likely, I'd assume.
For a janitor to even have access to a server room is relatively unlikely, especially in a bank; I can't imagine they would let minimum-wage grunts in the same room as the financial data of their customers. For said janitor to have $1000 of specialized computing hardware is another thing. For him to know how to hook up that hardware to the IBM Encryption Coprocessor is even more difficult. Then he would have to actually go grab the PINs - all he'd have at this point is the DES key which they are encrypted with.
Sure, one person may exploit it - but seeing as most janitors aren't reading Slashdot, and probably don't even know it, or an IBM cryptocard exists, there is very little to worry about.
You'd be more likely to win the lotto than to have your money stolen by a janitor who cracked IBM's encryption.
No, it's immoral to break into banks.
I used to bulls-eye womp-rats in my pants
Sure, it's a small number, but even one is too many.
Not Meta-modding due to apathy.
Aye, but it's more than jsut working in a bank! You have to have physical access to the machine which is harder than one might think. Also you must have security access on the machine. Could this be obtained? Yes, but in reality, to do it you would have to be at a point where you had nothing to lose in life, and getting caught wouldn't matter, because chances are, you would be caught.
Derek Greene
Its the protocol which is faulty (like usual).
I live in Canada. Some of this may not apply to your jurisdiction.
My bank uses a PIN which is a minimum of 4 digits long. I believe the maximum is 12. This solves the length problem. I have a 4-digit PIN, but that's mainly because I'm a grad student, and anybody who steals my bank card and gives me money has my thanks. Unfortunately, no luck yet. :)
We have Interac cops. Interac is the Canadian banking network; the ATMs you see in malls in Canada are usually run by chartered banks, and when they're not, they're run by somebody on the Interac network. These devices get policed, and they have some pretty serious security measures on them.
There's still the basic vulnerability of the encryption scheme to consider, of course. But the other concerns you bring up can be dealt with.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Someone was selling a dozen of these on eBay for $127.99/ea. I wonder why......
I didn't read everything, but as I understand it they are treating this IBM cryto card as a black box, sending it info and saving the results, which is reasonable, but they are using priveledged access to this card to get permission to send keys knowing old keys to get into the system. So this requires an insider who has access to the banks internal systems, those people have much easier ways to steal money, the systems are designed primarily to defeat external hackers, insiders and almost impossible to defeat. So the crack is totally dependent on having access both to the card to feed it data and access to priveldges to the banks computers so the person is already inside thier not really cracking 3DES, thier cracking the key storage mechanisms. While this is one way to steal money from a bank, there are realitively few people with this sort of access and I'd be pretty sure that the bank checks up on those poeple before giving them acces, so this is much more of a cleaver work arround that IBM needs to better design thier systems, they are not cracking 3DES, they are cracking the key storage, the encryption is secure, the key storage isn't. As always if you have access, it isn't hard to get in but without that access this hack is meaningless. I've read a few of these supposed hacks and they always make very unrealistic assumptions about having some level of access the crypto scheme is secure the impelmentation isn't (much like the DVD DeCSS, stuff, the security can't be hacked itself but poor impelementation leaves the doors wide open.
For those of you who don't want to guess where the cypto stuff starts in the Real Media file it starts between 21 and 22 minutes
What good is a used up world, and how could it be worth having? --Sting
What an unholy load of crap. I have never seen suck a bitchy, needy, clingy installer. What the world needs is a RealMedia to MPEG converter.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Yeah, but it's pretty easy for a smart theif to be hired as a janitor.
Care about electronic freedom? Consider donating to the EFF!
Hey Chachi, if they're so far ahead of their time, why haven't they done anything about this in the several months that they've known about the problem? Thanks, IBM!!
"Silence can't be bought, only rented."
It wouldn't work. Would IBM really trust a bunch of guys that just did this to them, anyways?
If the hackers were just out to get money from IBM in the first place, it'd probably be considered some form of espionage. Or blackmail. Or whatever you want to call it. Regardless, I'm sure Big Blue can afford the lawyers to kick the hell out of Bond and Clayton if they so choose and if there's any possible legal justification for doing so.
Anybody know if this is going to turn into a DMCA issue?
Yes, but how many slashdot readers work in banks?
Didn't that survey from earlier this year put the number at around 95%? Oh wait, I thought you said fast food joints.
IIRC, the effcracker cost like $500,000 to build. Granted, that was three years ago, but even you factor a 4x improvement that's still $125,000. It's not that much compared to what you could theoreticaly get, but it puts the bar pretty high for entry.
And even if you could build the machine, you'd still need to aquire the data to decript (also not easy).
autopr0n is like, down and stuff.
Damn. Now _THERE_ is a reason to watch the vid! Hopefully there are some claymores and bagpipes involved! Maybe throw in a Stone of Scone for a good measure....
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
So with the DMCA in the US and all, would these two Cambridge PhD students be at risk of being Skylaroved if they visit the US?
"Russian mafia in PIN-code scam"
http://www.thisismoney.com/19991026/nm8195.html
"Anybody know if this is going to turn into a DMCA issue?"
:)
It will be a cold day in hell well US law is applicable in British courts
if you don't have an insider at a bank or if years of jailtime scare you, there's a few of the 4758 cards on ebay. and there will probably be more posted after this ;) if i wasn't a poor college student i'd pick one up to try this out in the safety of my own room.
This research reminds me of passed age where scientists could publish their work freely without fear of rebuke, where academic freedom reigned over commercial interests. Where a publisher cannot be prevented from linking to the research, be it the BBC in this case, shame 2600 isn't afforded such rights.
But of course, even if these researchers are perfectly legitimate in Britain they could be in trouble they visited the US, even if they didn't come within 1 mile of a computer in the US they could be arrested for the work they did in Britain, which smacks of the France v. Yahoo! case of overbearing jurisdictions.
I'd suggest that none of the Cambridge researchers take a trip to countries with industry driven copyright acts, and the guy who is on sabbatical in the US should probably be careful too, it's like having the mob on your back right?
I just hope the UK doesn't get a DMCA.
Nobody is breaking into banks... these guys merely illustrated a flaw, a little like you telling your local bank that leaving the door unlocked a night isn't a particularly good idea, does that make you a robber?
Maybe now I can get my hands on one of these using my employee discount ;) Imagine a pair of these hacked into supporting VPN endpoints? Or hardware-assisted GnuPG?
If having physical access to the card is a prereq to cracking it, I'm not too worried about my mother-in-law coming by while I'm at work. Now, the black van down the street that never seems to move.. that's a different story..
Intelligent Life on Earth
IBM: Damn it Q! Quit making all those damned crazy gadgets for him will ya?
"They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
Should make us all feel safer!
It's VERY interesting to see that they scrutinise political scandals even MORE closely than we do, and with ohso much more drama and gravity.
The Encryption bit was far better done than we would see here on Nightline. It tilted towards paranoia, true, but the underlying principles were given far more voice than we would generally see here in the US.
Also...
Hang around for the Afghanistan segment. It's got a bit of bias, but it worked for me. I knew more exiting than when I came in.
Brak: What's THAT?
Thundercleese: A light switch.. of TOTAL DEVASTATION!
Damn! Now "Get rich quick"-schemes are turning up in slashdot-stories.
If you want more technical detail, check out the
paper on API-Level Attacks on Embedded Systems by Mike Bond and Ross Anderson.
Ross Anderson is the author of "Security Engineering" -- if you're interested in this story but haven't read the book, consider this a strong recommendation. More details inc. sample chapters at his website. Plus other fascinating stuff.
IBM was prohibited from fixing this backdoor put in place by
It will be a cold day in hell well US law is applicable in British courts
Right up until the day that a law equivalent to the DMCA is passed by the UK parliament.
Given the current state of homogenaeity (for lack of a better word, and did I spell that correctly?) of what might be termed the important laws (WTO, anyone?) I'd not be surprised to see a DMCA equivalent appearing at a parliament near you, where-ever you are...
Sadly...
If you're a zombie and you know it, bite your friend!
For a janitor to even have access to a server room is relatively unlikely, especially in a bank;
You might be surprised, especiallly in a small credit union (or equivalent). Heck, someone has to empy the wastebasket and vacuum the rug, and I really can't visualize the CEO doing it.
If you're a zombie and you know it, bite your friend!
The most worring aspect of this is that if this discover had been made by American academics (rather than British) it would have been squashed by the DMCA.
A nice real world example, that you should be able to exploit, to beat the politicians, to our collective benefit.
...to move my money back under my matress?
I used to work with some of those cards at my former employee.
,a href="http://www.missionimpossible.com/">Missio n Impossible kind-of-thing.
Ther are actualy 2 models, well, there were 2 models when I was there. They are called cryptographic 4758 and 4758-II.
The first (and older model) wasn't that good at being a fast crypto card. That good for 2001 standards, that's it. Back when they were developed were pretty darn good.
The newest model was better and more powerfull. It supports more and tougher encryption keys. It offloads any machine of the heavy-cpu-load encryption burden. And it is pretty good piece of technology.
Their mision is to take over the CPU when dealing with encryption. That is, encrypt stuff before being sent or decrypt stuff received. It can seen not a big deal. But think of e-commerce and/or bank transactions: litearly hundreds of encrypt/decrypt processes.
The card is (was) a computer-in-a-card. It has a CPU with the power of a 486 (it does not use a 486 cpu). And it costs lotsa money.
Not so long ago, I heard that IBM was considering dumping the propietary OS of those cards, and use instead embeded secure Linux.
Now, I want to believe that they have craked the older model. If it is the newer model, well, it is pretty bad. This banks means not being able to trust each other. And I'm serious.
Nevertheless, to access one of those cards installed in a sensitive system, you must have phisycal access to the card. And this is not easy. It's like a real-life
If there's any problem with it, I'm pretty sure that the crypto team has worked and solved this thing.
This explains a lot about why my employer has migrated to triple DES for our ATM PIN encryption.
The combination of points 2 and 3 make for interesting social engineering exploits.
Last month there was a report of someone using this to steal money - they put something (the news report was unclear on this) in the slot of the ATM, and wait for someone to insert their card, the card would get stuck..
At this point, the hoax artist (who was conveniently in line behind the Mark) would go to the Mark and say "hey, this happened to me last week at this machine - you have to re-enter your PIN number, and hit # twice" to get your card back.
The Mark would then do this (as the con artist watched) - it wouldn't work (of course), and the hoax artist would say "hmm, that's strange, I guess you need to go into the bank and talk to the manager".. the Mark would leave, and the con artist would retreive the card, and withdraw all their money.
Take a look at these E-bay auctions:
IBM PCI Cryptography Encryption Card 4758
IBM PCI CRYPTOGRAPHIC COPROCESSOR 4758 002
Looks like the banking industry already knew about this and are trying to get rid of the problem.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
I'm more nervous about the bank leaving the vault door open than this.
The security flaw is with a corrupt bank manager with mafia ties.. someone who has the resources to attempt to steal millions.
I dont think the lonewolf hacker who sneaks into the back room is really the problem. It would be much easier to palm a few $100's from the cash drawer instead.
The last question in the FAQ will help you out.
It serves the banks right to loose stock value and public trust. Who would want their finnancial lives dependent on an array of 486's (probabily SX class since banks don't really do floating point calculations ;-) ). No offense to those of you who have P5 servers running linux-1.2 with an uptime of 6 years but I don't want to my give money to someone who uses archaic devices.
Oh, I 100% agree! But, even there, the odds of a bank manager having the technical ability to do it, are not good. Not to mention if the act is performed you can almost immediately know who did it. Your suspect list is very minimal at worst.
Derek Greene
Are you saying all bank managers are stupid?
People like you are the reason we refuse future college dropouts like yourself loans, and hold up your McDonalds pay check in processing until your rent check cashes so you get charged for being overdrawn.
No, I didn't say they were stupid, I said they don't have the technical ability to do the deed...most don't anyhow. I've no trouble getting loans by the way, nor am I a future college drop-out...I'm doing very well in college thank you. Nor do I work at a McDonald. I don't need to pay rent, because hey I can live at home with my folks for free. Nor do I bounce checks, and my credit card is paid off at the end of every month thank you.
Bank managers are very intelligent people, but being intelligent does not mean one has technical ability. I doubt Einstein could very easily use a computer, being that he'd never seen one and doesn't know how to use it. Read the context before you post something like that and before insulting someone else.
Derek Greene
You didn't spell it correctly, and that's my middlename, which I don't use. I see you like to hold a grudge. That's unhealthy you know...
Why the grudge by the way? If I'm so retarded like you say, why don't you just ignore me? Oh that's because I'm right and you're not and you don't like that. Get a life, please.
Derek Greene