• CRYPTO-GRAM, April 15, 2021

    From Sean Rima@618:500/14 to All on Fri Apr 16 18:44:43 2021

    Crypto-Gram
    April 15, 2021

    by Bruce Schneier
    Fellow and Lecturer, Harvard Kennedy School
    schneier@schneier.com
    https://www.schneier.com

    A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

    For back issues, or to subscribe, visit Crypto-Gram's web page.

    Read this issue on the web

    These same essays and news items appear in the Schneier on Security blog, along with a lively and intelligent comment section. An RSS feed is available.

    ** *** ***** ******* *********** *************
    In this issue:

    If these links don't work in your email client, try reading this issue of Crypto-Gram on the web.

    Security Analysis of Apple's "Find My..." Protocol
    On the Insecurity of ES&S Voting Machines' Hash Code
    Illegal Content and the Blockchain
    Exploiting Spectre Over the Internet
    Easy SMS Hijacking
    Details of a Computer Banking Scam
    Accellion Supply Chain Hack
    Determining Key Shape from Sound
    Hacking Weapons Systems
    System Update: New Android Malware
    Fugitive Identified on YouTube By His Distinctive Tattoos
    Malware Hidden in Call of Duty Cheating Software
    Wi-Fi Devices as Physical Object Sensors
    Phone Cloning Scam
    Signal Adds Cryptocurrency Support
    Google's Project Zero Finds a Nation-State Zero-Day Operation
    Backdoor Added -- But Found -- in PHP
    More Biden Cybersecurity Nominations
    The FBI Is Now Securing Networks Without Their Owners' Permission
    Upcoming Speaking Engagements

    ** *** ***** ******* *********** *************
    Security Analysis of Apple's "Find My..." Protocol

    [2021.03.15] Interesting research: ΓÇ£Who Can Find My Devices? Security and Privacy of AppleΓÇÖs Crowd-Sourced Bluetooth Location Tracking SystemΓÇ£:

    Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the worldΓÇÖs largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a userΓÇÖs top locations with an error in the order of 10 meters in urban areas. While we find that OFΓÇÖs design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.

    There is also code available on GitHub, which allows arbitrary Bluetooth devices to be tracked via AppleΓÇÖs Find My network.

    ** *** ***** ******* *********** *************
    On the Insecurity of ES&S Voting Machines' Hash Code

    [2021.03.16] Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&SΓÇÖs software authentication system:

    It turns out that ES&S has bugs in their hash-code checker: if the ΓÇ£reference hashcodeΓÇ¥ is completely missing, then itΓÇÖll say ΓÇ£yes, boss, everything is fineΓÇ¥ instead of reporting an error. ItΓÇÖs simultaneously shocking and unsurprising that ES&SΓÇÖs hashcode checker could contain such a blunder and that it would go unnoticed by the U.S. Election Assistance CommissionΓÇÖs federal certification process. ItΓÇÖs unsurprising because testing naturally tends to focus on ΓÇ£does the system work right when used as intended?ΓÇ¥ Using the system in unintended ways (which is what hackers would do) is not something anyone will notice.

    Also:

    Another gem in Mr. MechlerΓÇÖs report is in Section 7.1, in which he reveals that acceptance testing of voting systems is done by the vendor, not by the customer. Acceptance testing is the process by which a customer checks a delivered product to make sure it satisfies requirements. To have the vendor do acceptance testing pretty much defeats the purpose.

    ** *** ***** ******* *********** *************
    Illegal Content and the Blockchain

    [2021.03.17] Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger. Since the blockchain is globally accessible and hard to take down, the botnetΓÇÖs operators appear to be safe.

    ItΓÇÖs best to avoid explaining the mathematics of BitcoinΓÇÖs blockchain, but to understand the colossal implications here, you need to understand one concept. Blockchains are a type of ΓÇ£distributed ledgerΓÇ¥: a record of all transactions since the beginning, and everyone using the blockchain needs to have access to -- and reference -- a copy of it. What if someone puts illegal material in the blockchain? Either everyone has a copy of it, or the blockchainΓÇÖs security fails.

    To be fair, not absolutely everyone who uses a blockchain holds a copy of the entire ledger. Many who buy cryptocurrencies like Bitcoin and Ethereum donΓÇÖt bother using the ledger to verify their purchase. Many donΓÇÖt actually hold the currency outright, and instead trust an exchange to do the transactions and hold the coins. But people need to continually verify the blockchainΓÇÖs history on the ledger for the system to be secure. If they stopped, then it would be trivial to forge coins. ThatΓÇÖs how the system works.

    Some years ago, people started noticing all sorts of things embedded in the Bitcoin blockchain. There are digital images, including one of Nelson Mandela. ThereΓÇÖs the Bitcoin logo, and the original paper describing Bitcoin by its alleged founder, the pseudonymous Satoshi Nakamoto. There are advertisements, and several prayers. ThereΓÇÖs even illegal pornography and leaked classified documents. All of these were put in by anonymous Bitcoin users. But none of this, so far, appears to seriously threaten those in power in governments and corporations. Once someone adds something to the Bitcoin ledger, it becomes sacrosanct. Removing something requires a fork of the blockchain, in which Bitcoin fragments into multiple parallel cryptocurrencies (and associated blockchains). Forks happen, rarely, but never yet because of legal coercion. And repeated forking would destroy BitcoinΓÇÖs stature as a stable(ish) currency.

    The botnetΓÇÖs designers are using this idea to create an unblockable means of coordination, but the implications are much greater. Imagine someone using this idea to evade government censorship. Most Bitcoin mining happens in China. What if someone added a bunch of Chinese-censored Falun Gong texts to the blockchain?<

    What if someone added a type of political speech that Singapore routinely censors? Or cartoons that Disney holds the copyright to?

    In BitcoinΓÇÖs and most other public blockchains there are no central, trusted authorities. Anyone in the world can perform transactions or become a miner. Everyone is equal to the extent that they have the hardware and electricity to perform cryptographic computations.

    This openness is also a vulnerability, one that opens the door to asymmetric threats and small-time malicious actors. Anyone can put information in the one and only Bitcoin blockchain. Again, thatΓÇÖs how the system works.

    Over the last three decades, the world has witnessed the power of open networks: blockchains, social media, the very web itself. What makes them so powerful is that their value is related not just to the number of users, but the number of potential links between users. This is MetcalfeΓÇÖs law -- value in a network is quadratic, not linear, in the number of users -- and every open network since has followed its prophecy.

    As Bitcoin has grown, its monetary value has skyrocketed, even if its uses remain unclear. With no barrier to entry, the blockchain space has been a Wild West of innovation and lawlessness. But today, many prominent advocates suggest Bitcoin should become a global, universal currency. In this context, asymmetric threats like embedded illegal data become a major challenge.

    The philosophy behind Bitcoin traces to the earliest days of the open internet. Articulated in John Perry BarlowΓÇÖs 1996 Declaration of the Independence of Cyberspace, it was and is the ethos of tech startups: Code is more trustworthy than institutions. Information is meant to be free, and nobody has the right -- and should not have the ability -- to control it.

    But information must reside somewhere. Code is written by and for people, stored on computers located within countries, and embedded within the institutions and societies we have created. To trust information is to trust its chain of custody and the social context it comes from. Neither code nor information is value-neutral, nor ever free of human context.

    Today, BarlowΓÇÖs vision is a mere shadow; every society controls the information its people can access. Some of this control is through overt censorship, as China controls information about Taiwan, Tiananmen Square, and the Uyghurs. Some of this is through civil laws designed by the powerful for their benefit, as with Disney and US copyright law, or UK libel law.

    Bitcoin and blockchains like it are on a collision course with these laws. What happens when the interests of the powerful, with the law on their side, are pitted against an open blockchain? LetΓÇÖs imagine how our various scenarios might play out.

    China first: In response to Falun Gong texts in the blockchain, the PeopleΓÇÖs Republic decrees that any miners processing blocks with banned content will be taken offline -- their IPs will be blacklisted. This causes a hard fork of the blockchain at the point just before the banned content. China might do this under the guise of a ΓÇ£patrioticΓÇ¥ messaging campaign, publicly stating that itΓÇÖs merely maintaining financial sovereignty from Western banks. Then it uses paid influencers and moderators on social media to pump the China Bitcoin fork, through both partisan comments and transactions. Two distinct forks would soon emerge, one behind ChinaΓÇÖs Great Firewall and one outside. Other countries with similar governmental and media ecosystems -- Russia, Singapore, Myanmar -- might consider following suit, creating multiple national Bitcoin forks. These would operate independently, under mandates to censor unacceptable transactions from then on.

    DisneyΓÇÖs approach would play out differently. Imagine the company announces it will sue any ISP that hosts copyrighted content, starting with networks hosting the biggest miners. (Disney has sued to enforce its intellectual property rights in China before.) After some legal pressure, the networks cut the miners off. The miners reestablish themselves on another network, but Disney keeps the pressure on. Eventually miners get pushed further and further off of mainstream network providers, and resort to tunneling their traffic through an anonymity service like Tor. That causes a major slowdown in the already slow (because of the mathematics) Bitcoin network. Disney might issue takedown requests for Tor exit nodes, causing the network to slow to a crawl. It could persist like this for a long time without a fork. Or the slowdown could cause people to jump ship, either by forking Bitcoin or switching to another cryptocurrency without the copyrighted content.

    And then thereΓÇÖs illegal pornographic content and leaked classified data. These have been on the Bitcoin blockchain for over five years, and nothing has been done about it. Just like the botnet example, it may be that these do not threaten existing power structures enough to warrant takedowns. This could easily change if Bitcoin becomes a popular way to share child sexual abuse material. Simply having these illegal images on your hard drive is a felony, which could have significant repercussions for anyone involved in Bitcoin.

    Whichever scenario plays out, this may be the Achilles heel of Bitcoin as a global currency.

    If an open network such as a blockchain were threatened by a powerful organization -- ChinaΓÇÖs censors, DisneyΓÇÖs lawyers, or the FBI trying to take down a more dangerous botnet -- it could fragment into multiple networks. ThatΓÇÖs not just a nuisance, but an existential risk to Bitcoin.

    Suppose Bitcoin were fragmented into 10 smaller blockchains, perhaps by geography: one in China, another in the US, and so on. These fragments might retain their original users, and by ordinary logic, nothing would have changed. But MetcalfeΓÇÖs law implies that the overall value of these blockchain fragments combined would be a mere tenth of the original. That is because the value of an open network relates to how many others you can communicate with -- and, in a blockchain, transact with. Since the security of bitcoin currency is achieved through expensive computations, fragmented blockchains are also easier to attack in a conventional manner -- through a 51 percent attack -- by an organized attacker. This is especially the case if the smaller blockchains all use the same hash function, as they would here.

    Traditional currencies are generally not vulnerable to these sorts of asymmetric threats. There are no viable small-scale attacks against the US dollar, or almost any other fiat currency. The institutions and beliefs that give money its value are deep-seated, despite instances of currency hyperinflation.

    The only notable attacks against fiat currencies are in the form of counterfeiting. Even in the past, when counterfeit bills were common, attacks could be thwarted. Counterfeiters require specialized equipment and are vulnerable to law enforcement discovery and arrest. Furthermore, most money today -- even if itΓÇÖs nominally in a fiat currency -- doesnΓÇÖt exist in paper form.

    Bitcoin attracted a following for its openness and immunity from government control. Its goal is to create a world that replaces cultural power with cryptographic power: verification in code, not trust in people. But there is no such world. And today, that feature is a vulnerability. We really donΓÇÖt know what will happen when the human systems of trust come into conflict with the trustless verification that make blockchain currencies unique. Just last week we saw this exact attack on smaller blockchains -- not Bitcoin yet. We are watching a public socio-technical experiment in the making, and we will witness its success or failure in the not-too-distant future.

    This essay was written with Barath Raghavan, and previously appeared on Wired.com.

    EDITED TO ADD (4/14): A research paper on erasing data from Bitcoin blockchain.

    ** *** ***** ******* *********** *************
    Exploiting Spectre Over the Internet

    [2021.03.18] Google has demonstrated exploiting the Spectre CPU attack remotely over the web:

    Today, weΓÇÖre sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We have developed an interactive demonstration of the attack available at https://leaky.page/ ; the code and a more detailed writeup are published on Github here.

    The demonstration website can leak data at a speed of 1kB/s when running on Chrome 88 on an Intel Skylake CPU. Note that the code will likely require minor modifications to apply to other CPUs or browser versions; however, in our tests the attack was successful on several other processors, including the Apple M1 ARM CPU, without any major changes.

    ** *** ***** ******* *********** *************
    Easy SMS Hijacking

    [2021.03.19] Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money -- in this case, $16 off an anonymous prepaid credit card -- and a few lies, you can forward the text messages from any phone to any other phone.

    For businesses, sending text messages to hundreds, thousands, or perhaps millions of customers can be a laborious task. Sakari streamlines that process by letting business customers import their own number. A wide ecosystem of these companies exist, each advertising their own ability to run text messaging for other businesses. Some firms say they only allow customers to reroute messages for business landlines or VoIP phones, while others allow mobile numbers too.

    Sakari offers a free trial to anyone wishing to see what the companyΓÇÖs dashboard looks like. The cheapest plan, which allows customers to add a phone number they want to send and receive texts as, is where the $16 goes. Lucky225 provided Motherboard with screenshots of SakariΓÇÖs interface, which show a red ΓÇ£+ΓÇ¥ symbol where users can add a number.

    While adding a number, Sakari provides the Letter of Authorization for the user to sign. SakariΓÇÖs LOA says that the user should not conduct any unlawful, harassing, or inappropriate behaviour with the text messaging service and phone number.

    But as Lucky225 showed, a user can just sign up with someone elseΓÇÖs number and receive their text messages instead.

    This is much easier than SMS hijacking, and causes the same security vulnerabilities. Too many networks use SMS as an authentication mechanism.

    Once the hacker is able to reroute a targetΓÇÖs text messages, it can then be trivial to hack into other accounts associated with that phone number. In this case, the hacker sent login requests to Bumble, WhatsApp, and Postmates, and easily accessed the accounts.

    DonΓÇÖt focus too much on the particular company in this article.

    But Sakari is only one company. And there are plenty of others available in this overlooked industry.

    Tuketu said that after one provider cut-off their access, ΓÇ£it took us two minutes to find another.ΓÇ¥

    Slashdot thread. And Cory DoctorowΓÇÖs comments.

    ** *** ***** ******* *********** *************
    Details of a Computer Banking Scam

    [2021.03.22] This is a longish video that describes a profitable computer banking scam thatΓÇÖs run out of call centers in places like India. ThereΓÇÖs a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that theyΓÇÖve mistyped a dollar amount and have received a large refund that they didnΓÇÖt deserve. Then they convince the victims to send cash to a drop site, where a money mule retrieves it and forwards it to the scammers.

    I found it interesting for several reasons. One, it illustrates the complex business nature of the scam: there are a lot of people doing specialized jobs in order for it to work. Two, it clearly shows the psychological manipulation involved, and how it preys on the unsophisticated and vulnerable. And three, itΓÇÖs an evolving tactic that gets around banks increasingly flagging blocking suspicious electronic transfers.

    ** *** ***** ******* *********** *************
    Accellion Supply Chain Hack

    [2021.03.23] A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide.

    ThereΓÇÖs much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software.

    The governor of New ZealandΓÇÖs central bank, Adrian Orr, says Accellion failed to warn it after first learning in mid-December that the nearly 20-year-old FTA application -- using antiquated technology and set for retirement -- had been breached.

    Despite having a patch available on Dec. 20, Accellion did not notify the bank in time to prevent its appliance from being breached five days later, the bank said.

    CISA alert.

    EDITED TO ADD (4/14): It appears spy plane details were leaked after the vendor didnΓÇÖt pay the ransom.

    ** *** ***** ******* *********** *************
    Determining Key Shape from Sound

    [2021.03.24] ItΓÇÖs not yet very accurate or practical, but under ideal conditions it is possible to figure out the shape of a house key by listening to it being used.

    Listen to Your Key: Towards Acoustics-based Physical Key Inference

    Abstract: Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion. In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victimΓÇÖs key, namely bittings(or cut depths) which form the secret of a key. When a victim inserts his/her key into the lock, the emitted sound is captured by the attackerΓÇÖs microphone.SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key. As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search spacefrom a pool of more than 330 thousand keys to three candidate keys for the most frequent case.

    Scientific American podcast:

    The strategy is a long way from being viable in the real world. For one thing, the method relies on the key being inserted at a constant speed. And the audio element also poses challenges like background noise.

    Boing Boing post.

    EDITED TO ADD (4/14): I seem to have blogged this previously.

    ** *** ***** ******* *********** *************
    Hacking Weapons Systems

    [2021.03.26] Lukasz Olejnik has a good essay on hacking weapons systems.

    Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future. We need to think about future wars where the tech simply doesnΓÇÖt work.

    ** *** ***** ******* *********** *************
    System Update: New Android Malware

    [2021.03.30] Researchers have discovered a new Android app called ΓÇ£System UpdateΓÇ¥ that is a sophisticated Remote-Access Trojan (RAT). From a news article:

    The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone (it will inventory the rest of the apps on your phone, for instance).

    The app can also monitor your GPS location (so it knows exactly where you are), hijack your phoneΓÇÖs camera to take pictures, review your browserΓÇÖs search history and bookmarks, and turn on the phone mic to record audio.

    The appΓÇÖs spying capabilities are triggered whenever the device receives new information. Researchers write that the RAT is constantly on the lookout for ΓÇ£any activity of interest, such as a phone call, to immediately record the conversation, collect the updated call log, and then upload the contents to the C&C server as an encrypted ZIP file.ΓÇ¥ After thieving your data, the app will subsequently erase evidence of its own activity, hiding what it has been doing.

    This is a sophisticated piece of malware. It feels like the product of a national intelligence agency or -- and I think more likely -- one of the cyberweapons arms manufacturers that sells this kind of capability to governments around the world.

    ** *** ***** ******* *********** *************
    Fugitive Identified on YouTube By His Distinctive Tattoos

    [2021.04.01] A mafia fugitive hiding out in the Dominican Republic was arrested when investigators found his YouTube cooking channel and identified him by his distinctive arm tattoos.

    ** *** ***** ******* *********** *************
    Malware Hidden in Call of Duty Cheating Software

    [2021.04.02] News article:

    Most troublingly, Activision says that the ΓÇ£cheatΓÇ¥ tool has been advertised multiple times on a popular cheating forum under the title ΓÇ£new COD hack.ΓÇ¥ (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesnΓÇÖt mention which forum they were posted on (that certainly wouldΓÇÖve been helpful), it does say that these offerings have popped up a number of times. They have also been seen advertised in YouTube videos, where instructions were provided on how gamers can run the ΓÇ£cheatsΓÇ¥ on their devices, and the report says that ΓÇ£comments [on the videos] seemingly indicate people had downloaded and attempted to use the tool.ΓÇ¥

    Part of the reason this attack could work so well is that game cheats typically require a user to disable key security features that would otherwise keep a malicious program out of their system. The hacker is basically getting the victim to do their own work for them.

    ΓÇ£It is common practice when configuring a cheat program to run it the with the highest system privileges,ΓÇ¥ the report notes. ΓÇ£Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc.ΓÇ¥

    Detailed report.

    ** *** ***** ******* *********** *************
    Wi-Fi Devices as Physical Object Sensors

    [2021.04.05] The new 802.11bf standard will turn Wi-Fi devices into object sensors:

    In three years or so, the Wi-Fi specification is scheduled to get an upgrade that will turn wireless devices into sensors capable of gathering data about the people and objects bathed in their signals.

    ΓÇ£When 802.11bf will be finalized and introduced as an IEEE standard in September 2024, Wi-Fi will cease to be a communication-only standard and will legitimately become a full-fledged sensing paradigm,ΓÇ¥ explains Francesco Restuccia, assistant professor of electrical and computer engineering at Northeastern University, in a paper summarizing the state of the Wi-Fi Sensing project (SENS) currently being developed by the Institute of Electrical and Electronics Engineers (IEEE).

    SENS is envisioned as a way for devices capable of sending and receiving wireless data to use Wi-Fi signal interference differences to measure the range, velocity, direction, motion, presence, and proximity of people and objects.

    More detail in the article. Security and privacy controls are still to be worked out, which means that there probably wonΓÇÖt be any.

    ** *** ***** ******* *********** *************
    Phone Cloning Scam

    [2021.04.06] A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. WhatΓÇÖs clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy and canΓÇÖt see what the scammer is doing.

    ** *** ***** ******* *********** *************
    Signal Adds Cryptocurrency Support

    [2021.04.07] According to Wired, Signal is adding support for the cryptocurrency MobileCoin, ΓÇ£a form of digital cash designed to work efficiently on mobile devices while protecting usersΓÇÖ privacy and even their anonymity.ΓÇ¥

    Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend SignalΓÇÖs privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. ΓÇ£ThereΓÇÖs a palpable difference in the feeling of what itΓÇÖs like to communicate over Signal, knowing youΓÇÖre not being watched or listened to, versus other communication platforms,ΓÇ¥ Marlinspike told WIRED in an interview. ΓÇ£I would like to get to a world where not only can you feel that when you talk to your therapist over Signal, but also when you pay your therapist for the session over Signal.ΓÇ¥

    I think this is an incredibly bad idea. ItΓÇÖs not just the bloating of what was a clean secure communications app. ItΓÇÖs not just that blockchain is just plain stupid. ItΓÇÖs not even that Signal is choosing to tie itself to a specific blockchain currency. ItΓÇÖs that adding a cryptocurrency to an end-to-end encrypted app muddies the morality of the product, and invites all sorts of government investigative and regulatory meddling: by the IRS, the SEC, FinCEN, and probably the FBI.

    And I see no good reason to do this. Secure communications and secure transactions can be separate apps, even separate apps from the same organization. End-to-end encryption is already at risk. Signal is the best app we have out there. Combining it with a cryptocurrency means that the whole system dies if any part dies.

    EDITED TO ADD: Commentary from Stephen Deihl:

    I think I speak for many technologists when I say that any bolted-on cryptocurrency monetization scheme smells like a giant pile of rubbish and feels enormously user-exploitative. WeΓÇÖve seen this before, after all Telegram tried the same thing in an ICO that imploded when SEC shut them down, and Facebook famously tried and failed to monetize WhatsApp through their decentralized-but-not-really digital money market fund project.

    [...]

    Signal is a still a great piece of software. Just do one thing and do it well, be the trusted de facto platform for private messaging that empowers dissidents, journalists and grandma all to communicate freely with the same guarantees of privacy. DonΓÇÖt become a dodgy money transmitter business. This is not the way.

    EDITED TO ADD (4/14): Moxie Marlinspike is on the advisory board for MobileCoin, which was designed for the purpose of providing a payment function in Signal.

    ** *** ***** ******* *********** *************
    Google's Project Zero Finds a Nation-State Zero-Day Operation

    [2021.04.08] GoogleΓÇÖs Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by ΓÇ£Western government operatives actively conducting a counterterrorism operationΓÇ¥:

    The exploits, which went back to early 2020 and used never-before-seen techniques, were ΓÇ£watering holeΓÇ¥ attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

    [...]

    ItΓÇÖs true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack.

    ** *** ***** ******* *********** *************
    Backdoor Added -- But Found -- in PHP

    [2021.04.09] Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject ΓÇ£fix typoΓÇ¥ and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the InternetΓÇÖs websites use PHP, itΓÇÖs scary.

    Developers have moved PHP to GitHub, which has better authentication. Hopefully it will be enough -- PHP is a juicy target.

    ** *** ***** ******* *********** *************
    More Biden Cybersecurity Nominations

    [2021.04.13] News:

    President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John ΓÇ£ChrisΓÇ¥ Inglis as the first ever national cyber director (NCD).

    I know them both, and think theyΓÇÖre both good choices.

    More news.

    ** *** ***** ******* *********** *************
    The FBI Is Now Securing Networks Without Their Owners' Permission

    [2021.04.14] In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities were patched, the shell would remain until the network operators removed it.

    Now, months later, many of those shells are still in place. And they're being used by criminal hackers as well.

    On Tuesday, the FBI announced that it successfully received a court order to remove "hundreds" of these web shells from networks in the US.

    This is nothing short of extraordinary, and I can think of no real-world parallel. It's kind of like if a criminal organization infiltrated a door-lock company and surreptitiously added a master passkey feature, and then customers bought and installed those locks. And then if the FBI got a court order to fix all the locks to remove the master passkey capability. And it's kind of not like that. In any case, it's not what we normally think of when we think of a warrant. The links above have details, but I would like a legal scholar to weigh in on the implications of this.

    ** *** ***** ******* *********** *************
    Upcoming Speaking Engagements

    [2021.04.14] This is a current list of where and when I am scheduled to speak:

    IΓÇÖm keynoting the (all-virtual) RSA Conference 2021, May 17-20, 2021.
    IΓÇÖm keynoting the 5th International Symposium on Cyber Security Cryptology and Machine Learning (via Zoom), July 8-9, 2021.
    IΓÇÖll be speaking at an Informa event on September 14, 2021. Details to come.

    The list is maintained on this page.

    ** *** ***** ******* *********** *************

    Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.

    You can also read these articles on my blog, Schneier on Security.

    Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

    Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of over one dozen books -- including his latest, We Have Root -- as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org. He is the Chief of Security Architecture at Inrupt, Inc.

    Copyright © 2021 by Bruce Schneier.


    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: A Destination in the Sun (618:500/14)