Followups
- Facebook has replaced the infamous study app that breached Apple’s Enterprise Developer Program rules and got them into so much trouble a few months ago with a new app that is not side-loaded, is explicit in what it does, and is Android only (Editorial by Bart: I’m guessing they couldn’t get a useful spying app through Apple’s App Store review process) — techcrunch.com/…
- We’ve mentioned before that as things stand, deleting an app with an active subscription on iOS will not terminate this subscription. This fact has been abused by apps with exorbitant subscription pricing. iOS 13 will change things for the better – when you delete an app with an active subscription, the OS will ask if you also want to end the subscription — www.macobserver.com/…
🧯Security Medium — RAMBleed
We’ve known about the RowHammer vulnerability for some time now. It allows attackers to alter the contents of another process’s memory if they can arrange to have memory they need to attack located physically next to memory they control on the computer’s RAM chips. The attack works by forcing the OS to read the attacking process’s RAM so often and frequently that the interference bleeds into the adjacent row on the RAM chip and alters its contents. The vulnerability affects the most commonly used types of RAM chips – DDR3 & DDR4 SDRAM.
Like with the Meltdown & Spectre-type attacks, RowHammer is not a big problem for consumers because the attacker has to be on your machine already. Basically, you need to be infected with malware to get RowHammered, and if there’s already malware on your machine, it can cause you more damage more easily by other means!
Again, like with Meltdown & Spectre, RowHammer is a big problem when you add virtualisation into the mix. Now, you have different VMs sharing the same RAM chips. Now, the malware can be running an entirely separate OS to the victim product. This would be utterly unacceptable in a cloud hosting environment!
However, in reality, RowHammer has not been much of a problem for cloud providers because they use high-end ECC RAM with has built-in error detection and correction, so any bits flipped by RowHammer get almost instantaneously flipped back to their original value, thwarting the attack!
In a true jiu-jitsu-style move, RAMBleed uses ECC to create a more dangerous variant of RowHammer that can’t alter data in a victim process, but can read it instead! That’s actually worse!
How does it work? Again, like with Meltdown & Spectre, RAMBleed is a side-channel attack. When ECC has to step in and fix a problem, it causes a detectable slow-down, so the attacking process can know when it caused a bit in the victim process to flip. Because of ECC, that flip is fixed before it can be read, so this might sound futile, but, there is one more subtle but important piece to the puzzle — there is an asymmetry between the probabilities of a bit being flipped from a one to a zero and a zero to a one.
RAMBleed slowly reads data in adjacent RAM by intentionally causing bit flips by RowHammering its own memory with different patterns of ones and zeros and measuring how often each pattern results in ECC having to correct a bit flip. When you have enough data on enough flips you can use some clever statistics to give you the probable value of the victim process’s memory.
The key point is that this attack is slow, hence the use of the word Bleed in the name. Since the famous Heartbleed vulnerability, it’s become common practice to append Bleed to the names of vulnerabilities that can be used to trickle data out slowly.
Because the attack is slow, it can’t be used to read values from memory that change often. It’s only useful against data that stays in memory for a long time. Unfortunately, some of the most valuable data of all sits in memory for days and weeks at a time — encryption keys! Full disk encryption and secure protocols like SSH need to keep their keys in RAM to function, and are usually running as long as the computer is.
The proof-of-concept for this attack was an exploit against open SSH, but that project has responded with an extremely clever solution — one that all other processes that keep sensitive data resident in RAM for long periods of time could also adopt.
The solution the OpenSSH team came up with sounds circular, but it’s not, and its actually gloriously ingenious! They encrypt their encryption key and keep the key to the encryption for their key in memory. How can that possibly work?
SSH keys are symmetric, that means they are part of a key-pair, and you can verify that your guess at the private half of the key is correct using the public key, which is not a secret. Because RAMBleed is probabilistic, it can’t give a perfect answer, just a range of probabilities, so to get an OpenSSH private key the attack calculates probable values for the private key, then tests each with the public key to figure out which one of their guesses is correct.
Symmetric encryption keys are not part of a keypair, so they have to be read perfectly to be usable. If you encrypt your private key with a long symmetric key, then the probability of RAMBleed reading your private key without getting a single bit wrong is vanishingly small to the point of being effectively impossible! So, by encrypting the SSH private key with a long symmetric key, the OpenSSH team have been able to protect their SSH implementation from RAMBleed at a software level.
Thankfully there are also hardware-level mitigations large cloud providers can use. Modern server-level CPUs support separate RAM encryption per-VM, so each VM’s RAM will be encrypted with a different key, and those keys are stored in secure enclaves on the CPU, so they’re never stored in RAM.
Links
- The bug’s official website — rambleed.com/…
- A good overview of how the attack works and what its implications are — www.bleepingcomputer.com/…
- A good description of OpenSSH’s clever defence against RAMBleed — nakedsecurity.sophos.com/…
Notable Security Updates
- The Linux kernel has been patched against three vulnerabilities in the TCP/IP network stack that allow a remote attacker to crash a device by sending it a malicious TCP packet. Because of the part of the network stack the bugs are in, you’ll see it referred to as the TCP SACK flaw. Patches are available for all major distributions. — nakedsecurity.sophos.com/…
- Mozilla patched two Firefox zero-day flaws in one week — nakedsecurity.sophos.com/…
- VLC media player gets biggest security update ever — nakedsecurity.sophos.com/…
- What makes this update special is that the bugs came to light thanks to a bug bounty program run by the EU to help make popular open source apps more secure.
Notable News
- Controversial Israeli security firm Cellebrite releases a new product it claims can break into any iPhone, even those on the latest iOS — www.macobserver.com/…
- Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options — arstechnica.com
- Openly Operated wants to make privacy policies actually mean something — www.theverge.com/…
- Mozilla’s Track THIS Project Aims to Fool Advertisers — www.macobserver.com/… & Mozilla’s bizarre robo-surfer project demonstrates ad snooping — nakedsecurity.sophos.com/…
- 🇺🇸 Florida court sides with criminal defendant who fought giving his iPhone passcode to police — www.orlandoweekly.com/…
- Twitter Starts Flagging Tweets From World Leaders That Break its Rules — www.macobserver.com/…
- Google have introduced two interesting new security feature for their Chrome browser — nakedsecurity.sophos.com/…
- Typo-squatting protection — URLs that look similar enough to URLs you normally visit to probably be a typo will be intercepted with a warning message asking if you really meant to go to the URL you usually go to.
- Google have released a new plugin that allows users to flag sites as suspicious
Suggested Reading
- PSAs, Tips & Advice
- Notable Breaches & Privacy Violations
- Millions of Venmo transactions scraped (again) — nakedsecurity.sophos.com/…
- Used Nest cams were letting previous owners spy on you — nakedsecurity.sophos.com/…
- WeTransfer sends user file links to wrong people — nakedsecurity.sophos.com/…
- Spanish soccer league LaLiga has been fined €250,000 for abusing the sensors in their smartphone app to detect illegal public displays of of their matches — nakedsecurity.sophos.com/…
- xSocialMedia – a Facebook marketing agency that runs campaigns for medical malpractice lawsuits – has leaked the medical and other data that about 150,000 peoplenakedsecurity.sophos.com/…
- 🇺🇸 Government is exposing identities of child abuse victims — nakedsecurity.sophos.com/…
- 🇺🇸 NSA Found Wrongly Collecting Phone Records For Second Time — www.macobserver.com/…
- 🇨🇦 Desjardins’ employee from hell spills 2.9m records — nakedsecurity.sophos.com/…
- Notable IoT Vulnerabilities
- News
- ⭐️ 🇺🇸 The US is reportedly seeding Russia’s power grid with malware — nakedsecurity.sophos.com/…
- ⭐️ Research finds that Facebook posts can detect many illnesses with a high rate of accuracy before patients generally present to a doctor with symptoms. Used ethically, this could be a very useful tool — nakedsecurity.sophos.com/…
- ⭐️ Mobile apps riddled with high-risk vulnerabilities, warns report — nakedsecurity.sophos.com/…
- ⭐️ Facebook have announced Libra Coin, a notionally independent crypto currency that will be tied to regular currencies for stability that they will have a large influence over and use in their products — Facebook’s Libra coin cryptocurrency, explained — www.wired.co.uk/…
- 🇺🇸 FTC crackdown targets operators behind 1 billion robocalls — nakedsecurity.sophos.com/…
- 🇺🇸 DASHBOARD Act Could Reveal How Much Our Data is Worth — www.macobserver.com/…
- 🇺🇸 Government agencies still send sensitive files via hackable .zips — nakedsecurity.sophos.com/…
- 🇺🇸 Presidential text alerts are open to spoofing attacks, warn researchers — nakedsecurity.sophos.com/…
- Opinion & Analysis
- ⭐️ Jim Balsillie : ‘Data is not the new oil – it’s the new plutonium’ — business.financialpost.com/… (Thanks to NosillaCastaway Steven Goetz for suggesting this article)
- ⭐️ (Editorial by Bart: The security record on Smart TVs as a category is abysmal, my advice would be to stick to well maintained 3rd-party boxes like AppleTV, ROKU, Google’s ChromeCast or Amazon’s FireStick to add smarts to your TV) Samsung’s security reminder makes the case for not owning a Samsung smart TV — www.theverge.com/…
- ⭐️ Facebook moderators break their NDAs to expose desperate working conditions — www.theverge.com/…
- ⭐️ CISO Mag deep dives into the Apple Card examining what it will do — www.imore.com/…
- ⭐️ Inside Apple’s team that greenlights iPhone apps for the App Store — www.cnbc.com/…
- Google’s new reCAPTCHA has a dark side — www.fastcompany.com/…
- Mac malware on the rise again; several new threats found — www.intego.com/…
- You Care More About Your Privacy Than You Think — www.nytimes.com/…
- 🇺🇸 The SIM Swap Fix That the US Isn’t Using — www.wired.com/…
- Propellor Beanie Territory
- ⭐️ How Apple’s New Find My Service Locates Missing Hardware That’s Offline — tidbits.com/…
- Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers — krebsonsecurity.com/…
- Tracing the Supply Chain Attack on Android — krebsonsecurity.com/…
- OSX/CrescentCore: Mac malware designed to evade antivirus — www.intego.com/…
Suggested Listening
- 🎧 The Daily: Hacking the Russian Power Grid — overcast.fm/… (Podcast Episode recommended by NosillaCastaway Lynda)
Palate Cleansers
- 🎧 50 Things that Made the Modern Economy: Blockchain — overcast.fm/… (Podcast Episode)
Note: When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.