IBM Crypto Up For Grabs?

An Anonymous Coward writes: "BBC Newsnight have tonight shown an article about a groups of hackers who are about to release details of the vulnerability of the IBM Cryptographical processors. ( Details here.) The BBC article can be watched online here. Alan Cox makes a starring role ;)" windowlicker adds some detail: "Mike Bond and Richard Clayton, from Cambridge University, have cracked IBM's 4758 crytoprocessor running the 'Common Cryptographic Architecture' (CCA). You can do the same with $1000-worth of hardware and the info from here. Many banks use this system for protecting PINs." The video file requires Real software; here's the BBC's article online for those of us without.

Hacker divas suck.

[perdida]

If you're gonna release some shit for purely knowledge reasons, then why are you advertising your intention to release it before releasing it?

Knowledge is knowledge. If you want to propagate effective computer security, don't badger and pressure corporations to cow to your wishes with publicity stunts like this one.

Instead, just release the hole, and let the damage be done. The damage itself will be far more instructive to the company. It will also be a better influence on computer security as a whole -- damaging releases will, perhaps, induce large corporations to practice better preventative security.

Re:Hacker divas suck.

[SquierStrat]

If they had not told IBM about it ahead of time, I'd agree, it's negligent. But a year is plenty of time for IBM engineers (sad fact now that I think about it...i might be an intern at IBM this time next year...sorry off topic) to fix the problem. If they choose not to fix it (and I doubt that they were not warned that the informationw ould be released) they are the ones being negligent. Now, if IBM recieved no warning, I'd agree with you, it's negligent to say hey guess what! But, then again, more than just banks use this hardware....Alan Cox state "This is really military grade hardware...." I'm sure many large corp.'s use it, and the best way to let them know instead of just trying to call downa customer list is to say hey this exists, protect yourself. Also, it's a fairly easily blocked attacked until a fix is released. Which will hopefully be quick, as I just got a new Visa! ;-)

The Great Game!

[euroderf]

Cryptography/Countercryptography, it is all a neodarwinian game, an arms race, a cold war, call it what you will the key fact is that the decryptors are never very far behind the encryptors, the nature of technology is that the ability to encrypt blesses one with an equivalent ability to decrypt, the knowledge and techniques that improve encryption also improve decryption.

The problem is the competitive nature of modern business. Despite what the hackers and libertarians may say, the home user has no real need of encryption - encryption is the technology of big government and big business. The home user does not need it for his emails to Aunt Beth and porn downloading, but Big Government and Megacorp(TM) most certainly do, for their official secrets and industrial espionage.

The development of encryption is rather like the development of weapons - it is at it's fastest in a cuthroat society of vicious competition.

If we really want secure communication, we must not treat the symptoms by encrypting, but rather effect a radical cure - we must render all motivations for evesdropping redundant.

How?

Simple. Just attack the basis of competitive society by encouraging greater global cooperation (some sort of 5th International?), smashing big business, nationalise the worst, most competitive industries leaving only the big, lumbering and safe monopolies to do their thing. This way, we reduce the competitive nature of modern society and consequently the technological encryption/decryption competitive paradigm.

It would be tough, but is eminently possible. We just need the will to power!

Lessons to be learned:

[alewando]

1. Hardware encryption will always be more difficult than software-based encryption to patch when vulnerabilities arise. There are advantages that can offset this when deciding whether or not to go with hardware, but contingency plans must be put in place for yanking the hardware back when a vulnerability is discovered.
   
2. Homogeneity in network environments is nearly always bad. This particular vulnerability wouldn't be nearly as critical if it weren't for the fact that all banks who use these cryptoprocessors either use the same ones or use ones that are similar enough that vulnerabilities like these can be used on more than one "different" type. It's much harder to crack one and then crack another and another than it is to crack one and have therefore cracked them all.
   

At least I have high hopes that this vulnerability will be patched forthwith -- not only does IBM have a better track record than certain other corporations, banks have both the money and the clout to demand and receive.

Mountain out of a molehill

[Papa+Legba]

Ok granted they have hacked the hardware with a neato device that they built but.... Is it really practical as a hack, I was struck by the length of time it took to acomplish this hack in real time. Looks like three days total of the device attached to the machine. This is a VERY long time to try and hack something that is in a secure position. Also you have to get inside the bank undetected (either as an insider or as some sort of infiltrator) place the device out of sight (don't forget to hide the connections).

Frankly if you have gone that far why not just rob the vault? The money is right their. Ultimatly with this stealth run of encryption you have a bunch of PIN numbers.... Ok great but you don't have any of the cards or the card info that is needed even. Even if you some how extract the contents of the cards magnetic strip you still have to manufacture a card, then you have my pin number. Great now you can withdraw the total sum of my bank account which is ... about $20 right now. That's a lot of work in a high risk way to garner a very small amount of reward.

This is really not all that different than me saying I can crack a PCs bios password if I can get access to the physical machine and have a screwdriver. the amount of effort that precedes the hack negates the hacks effectiveness.

I applaud their inginuity, and I hope IBM buys the idea off of them as a handy tool to recover lost data, but if I was IBM I would not be in any big hurry to change all of this hardware.

Well, it's a worry but...

I type my pin into my cordless phone,
to check my balance regularly.
So anyone could tap my phone,
or just use an AM radio.
But chances are it will never happen to me...

Only a matter of time

[CmdrTroll]

My brother used to work as a contractor for Cirrus. He said that the PIN encryption was a private joke amongst all of the engineers there. The suits all believed that cryptographic mumbo-jumbo and really expensive chips sold by "connected" salespeople at IBM would protect the banks' assets. But, he said, the problems with the PIN were nearly impossible to solve. Consider:

• The PIN is four decimal digits = 10,000 combinations ~= somewhere between 13 and 14 bits of security. It is entirely feasible for a quick P4 to encrypt every single PIN within an hour, with time left over to play Unreal Tournament.
• There is no trusted path between the user's memory and the bank. Fake ATMs have been installed in shopping malls, collecting PINs and ATM cards from unsuspecting victims. Do you *really trust* every single PIN keypad at every shady gas station, grocery store, and Wal-Mart, not to have logging devices installed? Replay attacks are not rocket science.
• Embedding DES keys inside a chip will inevitably lead to compromise. One needs to look no farther than the DirecTV access cards (particularly the H and F cards) to see the amount of damage that a few determined hobbyists can do. Imagine if there are billions of dollars at stake rather than just a little free TV.

Regardless, this is not a widespread problem. It is a weak system and it was always a weak system. But it's not worth thieves' time to steal PINs yet (for the most part anyway) just because PINless credit card fraud is still so easy.

-CT

Re:Only a matter of time

[WasterDave]

10,000 combinations ~= somewhere between 13 and 14 bits of security. It is entirely feasible for a quick P4 to encrypt every single PIN within an hour, with time left over to play Unreal Tournament.

But if you read their page about how PIN works it becomes aparrent that you still need the derivation key, which is the hard bit to get.

Fake ATMs have been installed in shopping malls, collecting PINs and ATM cards from unsuspecting victims

LOL! Someone did a whole bunch of these in the UK a couple of years ago. Looked and smelled like an ATM, but took the PIN then complained that the card was borked, or something. Easy EASY kill.

because PINless credit card fraud is still so easy.

Exactly. 1e6+1 easier ways of stealing money than opening an ATM with an oxy-acetylene, spending two days cracking it with an FPGA and using all that to hack the banks comms. Easier to just look over some lamers shoulder then pick their pocket. Not that I would know. Not at all.

Dave

Some corrections

[hearingaid]

I live in Canada. Some of this may not apply to your jurisdiction.

My bank uses a PIN which is a minimum of 4 digits long. I believe the maximum is 12. This solves the length problem. I have a 4-digit PIN, but that's mainly because I'm a grad student, and anybody who steals my bank card and gives me money has my thanks. Unfortunately, no luck yet. :)

We have Interac cops. Interac is the Canadian banking network; the ATMs you see in malls in Canada are usually run by chartered banks, and when they're not, they're run by somebody on the Interac network. These devices get policed, and they have some pretty serious security measures on them.

There's still the basic vulnerability of the encryption scheme to consider, of course. But the other concerns you bring up can be dealt with.

Re:Insiders

[swillden]

Then again... I guess you'd only need to be an insider at the phone company (or whatever company might be leasing a cable to a phone company) to exploit ATM transfers.

Nope, read the article. Performing the attack requires that the insider have permission to use the Combine_Key_Parts function of the board. That means, essentially, that you have to have an "account" on the board with a username and password, and that your account has to have those permissions. Generally, only a very small number of people will have accounts, and only two or three at will have this permission.

Most worring aspect

[Martin+S.]

The most worring aspect of this is that if this discover had been made by American academics (rather than British) it would have been squashed by the DMCA.

A nice real world example, that you should be able to exploit, to beat the politicians, to our collective benefit.