Slashdot Mirror
IBM Crypto Up For Grabs?
An Anonymous Coward writes: "BBC Newsnight have tonight shown an article about a groups of hackers who are about to release details of the vulnerability of the IBM Cryptographical processors. ( Details here.) The BBC article can be watched online here.
Alan Cox makes a starring role ;)" windowlicker adds some detail: "Mike Bond and Richard Clayton, from Cambridge University, have cracked
IBM's 4758 crytoprocessor running the 'Common Cryptographic Architecture' (CCA). You can do the same with $1000-worth of hardware
and the info from here. Many banks use this system for protecting PINs." The video file requires Real software; here's the BBC's article online for those of us without.
If you're gonna release some shit for purely knowledge reasons, then why are you advertising your intention to release it before releasing it?
Knowledge is knowledge. If you want to propagate effective computer security, don't badger and pressure corporations to cow to your wishes with publicity stunts like this one.
Instead, just release the hole, and let the damage be done. The damage itself will be far more instructive to the company. It will also be a better influence on computer security as a whole -- damaging releases will, perhaps, induce large corporations to practice better preventative security.
Goat sex free since 2001
- Hardware encryption will always be more difficult than software-based encryption to patch when vulnerabilities arise. There are advantages that can offset this when deciding whether or not to go with hardware, but contingency plans must be put in place for yanking the hardware back when a vulnerability is discovered.
- Homogeneity in network environments is nearly always bad. This particular vulnerability wouldn't be nearly as critical if it weren't for the fact that all banks who use these cryptoprocessors either use the same ones or use ones that are similar enough that vulnerabilities like these can be used on more than one "different" type. It's much harder to crack one and then crack another and another than it is to crack one and have therefore cracked them all.
At least I have high hopes that this vulnerability will be patched forthwith -- not only does IBM have a better track record than certain other corporations, banks have both the money and the clout to demand and receive.I'm watching the video right now, and its taken a bit of time to find out where this segment is on the bbc news.
So, for those of you who don't feel like jumping around the video for this segment, it starts at about 22 minutes in the broadcast.
That's where the money is!
sulli
RTFJ.
Cool. It looks like parents are letting their kids watch Fight Club before they know how to read.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Then again... I guess you'd only need to be an insider at the phone company (or whatever company might be leasing a cable to a phone company) to exploit ATM transfers. You wouldn't need to be a bank employee (who undergo background checks, etc).
"Prepare for the worst - hope for the best."
I'm not too worried about this. An electronic fraud is something that can be reasonably gotten out of, its the *banks* fault if their system eats your money. (Admittedly, I haven't read the small print of my own bank, but hey, its not the article, anyway).
The big problem I have with my bank, however, is the location and layout of their ATM machines to begin with:
1) ATM's are built into the wall, rather than in any kind of nook. The line generally forms directly behind the user. (This isn't so much of a problem for e.g. drive through atms, as the bulk of the car is obscuring view of the transaction).
2) The buttons on the keypad are almost two inches across! I know they have to make them 'easy to use', and big happy buttons are important for that, I imagine... but having to move my entire hand around to enter the code makes it trivial to watch someone's movements...as opposed to normal sized buttons where what is being pushed is generally obscured by your hand itself.
3) This is a general problem. Cards are *inserted* rather than *swiped*, which makes it almost trivial for people to rig the machines to prevent the card from being returned. A card swipe, where the card never leaves my hand, would be infinitely preferred to leaving my bank card at the mercy of any hoodlum with a bottle of soap and a pair of pliers.
4) Apparently the ATM card I recieved is more than I asked for... it is also a credit card AND a debit card AND who knows what all else... if they acquire it they can run me down even if I don't have any money left in the account proper.
So they article says that this is really only exploitable by "insiders". At first I felt safe. "Well, at least my money is Federally protected". Then I got to thinking about it. How would I prove that I wasn't the one who used my PIN at an ATM (or several) to clear out my account? Anyone have an answer that can put my mind at ease?
(Not like I'm going to take all my money from the bank, and stuff it in a jar. Just idle thoughts of threat)
The news (I liked Real links) claims that development took 20 years, and that normal banking procedures would prevent this type of attack. But Alan Cox, of course, strongly suggests that publishing the algorithm behind the chip would have helped to avoid this calamity.
"banks are vulnerable to a dishonest branch manager whose teenager has $995 and a few hours to spend in duplicating our work."
If you have a teenager who can hack FPGA's sufficiently well to brute force into a cash machine, you're really not going to have any problems making money in years to come. Either that or your problems are just beginning.
Dave
I write a blog now, you should be afraid.
Well its their heads under the DMCA 8)
Regardless, this is not a widespread problem. It is a weak system and it was always a weak system. But it's not worth thieves' time to steal PINs yet (for the most part anyway) just because PINless credit card fraud is still so easy.
-CT
Until IBM fix the CCA software to prevent our attack, banks are vulnerable to a dishonest branch manager whose teenager has $995 and a few hours to spend in duplicating our work.
I like the tech about hacking the processor, very clever. The rest is better read as bad fiction. Chalk this one up under the anarchist cookbook. Sure you may be able too, but you'll get thrown into jail or blow off a limb.
"Get them before they get....
At least, not relevant for this particular story.
1) The hackers themselves say "Until IBM fix the CCA software to prevent our attack...". According to the experts here, the fix is a software patch, not a hardware change-out.
2) This particular vulnerability only needs access to any single IBM 4758 running IBM's ATM. It does not depend on a whole set of them working together. In fact, given that you only need one, increased heterogeneity would increase the overall chance that a given network/organization has one exploitable system somewhere (although it does indeed decrease the overall chance that ALL your elements are exploitable).
Slashdot is entertaining like pro wrestling is entertaining
You only neeed access to the ATM for 20 minutes to download the keys. You then spend a couple days decrypting the keys offline.
I don't know about the rest of you but I have more than $20 in my bank account.
Q.
Should their customers really be scared? How likely is it that the technology to do the hardware cracking is easily available? Not too likely, I'd assume.
For a janitor to even have access to a server room is relatively unlikely, especially in a bank; I can't imagine they would let minimum-wage grunts in the same room as the financial data of their customers. For said janitor to have $1000 of specialized computing hardware is another thing. For him to know how to hook up that hardware to the IBM Encryption Coprocessor is even more difficult. Then he would have to actually go grab the PINs - all he'd have at this point is the DES key which they are encrypted with.
Sure, one person may exploit it - but seeing as most janitors aren't reading Slashdot, and probably don't even know it, or an IBM cryptocard exists, there is very little to worry about.
You'd be more likely to win the lotto than to have your money stolen by a janitor who cracked IBM's encryption.
Hmm.. I don't know. Sounds to me like you want to remove the very mechanism that drives innovation?
Competition breeds better products and more goodies for the consumer.
Codifex Maximus ~ In search of... a shorter sig.
I live in Canada. Some of this may not apply to your jurisdiction.
My bank uses a PIN which is a minimum of 4 digits long. I believe the maximum is 12. This solves the length problem. I have a 4-digit PIN, but that's mainly because I'm a grad student, and anybody who steals my bank card and gives me money has my thanks. Unfortunately, no luck yet. :)
We have Interac cops. Interac is the Canadian banking network; the ATMs you see in malls in Canada are usually run by chartered banks, and when they're not, they're run by somebody on the Interac network. These devices get policed, and they have some pretty serious security measures on them.
There's still the basic vulnerability of the encryption scheme to consider, of course. But the other concerns you bring up can be dealt with.
my old sig used to be funny, but then slashcode ate it and now it's not funny anymore
Yeah, but it's pretty easy for a smart theif to be hired as a janitor.
Care about electronic freedom? Consider donating to the EFF!
Yeah! It worked for the Soviets! And Mao! Let's go!
Ri-yot! Ri-yot! Ri-yot!
reduce the competitive nature of modern society and consequently the technological encryption/decryption competitive paradigm
Not to mention the free society paradigm, the able to feed oneself paradigm, and the use-the-forebrain paradigm. Rubbish!
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Maybe now I can get my hands on one of these using my employee discount ;) Imagine a pair of these hacked into supporting VPN endpoints? Or hardware-assisted GnuPG?
If having physical access to the card is a prereq to cracking it, I'm not too worried about my mother-in-law coming by while I'm at work. Now, the black van down the street that never seems to move.. that's a different story..
Intelligent Life on Earth
If you want more technical detail, check out the
paper on API-Level Attacks on Embedded Systems by Mike Bond and Ross Anderson.
Ross Anderson is the author of "Security Engineering" -- if you're interested in this story but haven't read the book, consider this a strong recommendation. More details inc. sample chapters at his website. Plus other fascinating stuff.
The most worring aspect of this is that if this discover had been made by American academics (rather than British) it would have been squashed by the DMCA.
A nice real world example, that you should be able to exploit, to beat the politicians, to our collective benefit.
I used to work with some of those cards at my former employee.
,a href="http://www.missionimpossible.com/">Missio n Impossible kind-of-thing.
Ther are actualy 2 models, well, there were 2 models when I was there. They are called cryptographic 4758 and 4758-II.
The first (and older model) wasn't that good at being a fast crypto card. That good for 2001 standards, that's it. Back when they were developed were pretty darn good.
The newest model was better and more powerfull. It supports more and tougher encryption keys. It offloads any machine of the heavy-cpu-load encryption burden. And it is pretty good piece of technology.
Their mision is to take over the CPU when dealing with encryption. That is, encrypt stuff before being sent or decrypt stuff received. It can seen not a big deal. But think of e-commerce and/or bank transactions: litearly hundreds of encrypt/decrypt processes.
The card is (was) a computer-in-a-card. It has a CPU with the power of a 486 (it does not use a 486 cpu). And it costs lotsa money.
Not so long ago, I heard that IBM was considering dumping the propietary OS of those cards, and use instead embeded secure Linux.
Now, I want to believe that they have craked the older model. If it is the newer model, well, it is pretty bad. This banks means not being able to trust each other. And I'm serious.
Nevertheless, to access one of those cards installed in a sensitive system, you must have phisycal access to the card. And this is not easy. It's like a real-life
If there's any problem with it, I'm pretty sure that the crypto team has worked and solved this thing.
Whilst the EFF Cracker cost $500,000, they recognised that now the research had been done you could build one for about $50K or so. Also FPGA tech has come a long way since then, so I reckon with a little forethought $10-20K may not be an impossible target, which if you can get a few million out of a bank for the effort is a good investment/ return ratio!
The EFF device was only cracking DES, not 3DES.
Just after EFF cracker came out I wrote a letter to the UK Daily Mail (National newspaper) about the security of credit card trading on the net.
Before you reply about it bear in mind:
a) the letter got edited heavily
b) this was when Euro browsers only had 40/56 bit encryption, and
c) yes the photo isn't of my good side! =-0 ]
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
The last question in the FAQ will help you out.