SERIES: Security Now!
DATE: January 7, 2014
TITLE: New Year's News Catch-Up
SPEAKERS: Steve Gibson & Leo Laporte
SOURCE FILE: http://media.GRC.com/sn/SN-437.mp3
FILE ARCHIVE: http://www.GRC.com/securitynow.htm
DESCRIPTION: This first podcast of 2014 catches us up on all of the news that transpired over the Christmas and New Year's holidays - and there was a LOT of it! (Like it or not, the NSA news just keeps on coming!)
SHOW TEASE: It's time for Security Now!. Steve is back. Our first show of the new year, what are we talking about: the NSA and the ANT protocols. Lots of security news. We'll catch up next on Security Now!.
LEO LAPORTE: This is Security Now! with Steve Gibson, Episode 437, recorded January 7th, 2014: New Year's News Catch-Up.
It's time for Security Now!, the show that covers your security and privacy online, your safety online, with the guy in charge, the “Explainer in Chief” we call him, Steve Gibson. Oh, my goodness, Happy New Year, Steve.
STEVE GIBSON: Yes, indeed. And I was wearing my Explainer in Chief T-shirt for the day up there with you for…
LEO: I loved that.
STEVE: I didn't make it 24 hours. Actually I had a lot of people asking me, “Where did you get that TNO T-shirt?” And it was from one of our listeners. I'm so sorry that I've, like, it was so long ago, it was a couple years ago, and I just kept the T-shirt for the right occasion. I thought this was the right occasion.
LEO: It was the right occasion.
STEVE: It was someone who prints T-shirts professionally, and he just sort of sent me that as a gift to thank me for the podcast. And many people were saying, “Oh, where did you get that?” as if maybe they want one. So if you're still listening to us, Mr. T-Shirt Maker, tweet me or drop me a note or something.
LEO: We should make them.
STEVE: Certainly, yeah, it was very nice.
LEO: It said “TNO” in big letters.
STEVE: Big letters. And then down along the bottom, “Except the Explainer in Chief.”
LEO: So, Steve, so we've got a lot of - it's been, like, it's only been two weeks, but it feels like a year.
STEVE: It does.
LEO: We've got a lot to talk about. But first I'd say, Steve, thank you for coming up to our New Year's Party. We did 20 - it was going to be 24 hours of 2014. It was, like, 23 hours and 48 minutes of 2014.
STEVE: Okay. Yeah, I bailed at about 1:30 a.m.
LEO: Did you?
STEVE: Well, because it was beginning to feel like it was petering out. And I thought, okay, don't think…
LEO: Yeah, it was a perfect time to leave.
STEVE: …much more is going to happen.
LEO: What was going on there, I think it was me, Brian Brushwood, Justin Robert Young, and Will Harris.
STEVE: Filling time, basically.
LEO: No, it was like standing around at the bar. It was great.
STEVE: Oh, okay.
LEO: If you think of it as filling time, then that's fine.
STEVE: Well, I didn't see it. I didn't see it, so…
LEO: You know what we did see, and I have footage, I don't know if I - I don't know. I don't want to embarrass you or anything.
STEVE: Of me with Chad's hair, navigating?
LEO: That was fun.
STEVE: Oh, my goodness.
LEO: And then of course at midnight, at midnight we played in the new year. And Steve apparently danced with Captain Kirk.
STEVE: Well, yeah, you know…
LEO: And you're quite the dancer. Kirk was not very responsive.
STEVE: No, no.
LEO: But you? You know how to dance.
STEVE: And I was sober, believe it or not. That was - actually, I couldn't have done all of that jumping around and spinning and twirling.
LEO: You were fired on coffee. If you didn't - now, we're taking a lot of that New Year's Eve broadcast. There was so much. I went to bed that night, and you know how sometimes you kind of go over the day's events and think about them. I couldn't. There was so much stuff from that 24 hours. We did so many things, including…
STEVE: Plus, in fact, toward the end we were talking about things that had happened that morning as if they were yesterday. I mean, it felt like it was a long time ago…
LEO: Well, it was.
STEVE: …that that happened. And it was four hours, or 12 hours, yeah.
LEO: So, but, Steve, thank you for coming. You showed up almost at the very beginning. We made coffee. So what I was about to say is there were so many things, we didn't want to just put out a 24-hour video. So our editors, once they recover, are working on chopping it into bits. And one of the bits will be Steve making coffee.
STEVE: Yup, we did that, as I had promised our listeners a long time ago when I came.
STEVE: Thank you. Yes, you did like it.
LEO: And then you were very good as the navigation officer aboard the Starship Artemis.
STEVE: Yes, twice. I got the hang of it the first time, and then - or, yeah, by the end of the first time. And then we were much better navigating the second time. So…
LEO: First time I was the captain. I wasn't so good. Then we let Justin Robert Young and Brian Brushwood captain the starship. They were different. A lot of shouting.
STEVE: But that was, you know, also toward the end of the night. And, yeah, lot of fun.
LEO: Anyway, we decided that the event was so much fun that we're going to do it again. In fact, I think we'll be doing it every New Year.
STEVE: Well, and the beer tasting that you and I did, I think, was another one of…
LEO: Wasn't that fun.
STEVE: …the highlights that were sort of unexpected.
LEO: Yeah. With Mary Jo Foley.
STEVE: Yup. And a number of people, that very first beer, I've seen tweets thanking us for introducing them to that sweet pink one.
LEO: The Kriek Lambic, yeah, Lambic. It was a cherry-flavored lambic beer that, you're right, you loved.
STEVE: Well, it was the first one. And I agree, after we went into the tar beers, then…
LEO: You're not a beer drinker.
STEVE: …going back to the cherry was like, whoa, okay. Wait a minute, that's a little fruity.
LEO: It's from a Belgian brewer. It's Lindemans Kriek, and it had cherries in it. It was almost like a fruit punch. So, yeah, that will be another segment we'll chop up.
STEVE: So where will our listeners find these pieces of history, which will be preserved for all time? Will you guys be hosting them? Will they be on TWiT.tv? Because Simon Zerafa, our friend of the show, commented that he was seeing them appearing on the Inside TWiT YouTube account.
LEO: That's where they'll be appearing. So if you go to YouTube.com/insidetwit, so far we've got three segments up. You know what, I am not fully in control of this. What I would like eventually is to have this chopped up even more. But we do have, from the very beginning…
STEVE: The first Game of Geeks…
LEO: Yeah. But, I mean, we have - this is an hour from the - there's three segments; okay? So there's three chopped-up segments. Anyway, YouTube.com/insidetwit. I can't make the editors work too hard. So I think what they're doing, it looks like, is an hour at a time.
STEVE: Well, and I would - I have to tip my hat to your whole crew. I mean, you were standing there asking them, okay, now where should I stand? Now what's next? I mean, because this whole day was mapped out and planned and designed by them. And it was just fabulous. It was an absolute success.
LEO: I think if nothing else we've demonstrated that the studio is an amazing place; that with our very, very talented and motivated staff, we can do amazing things. And I just look forward to doing this every - in fact…
STEVE: And none of the champagne corks broke anything. I was amazed. I mean, I kept waiting. I mean, they were violent; and, you know, there were 24 of them because we kept blowing champagne every hour. And nothing broke.
LEO: I think you're in Hour 3. Yeah, here's the coffee-making. So Hour 3 stream.
LEO: Because when I was out wine tasting - here we are, Steve and I, making coffee, wearing his TNO shirt. So that's in the Hour 3 of 24, just went up on Inside Twit.
STEVE: And you can see there that I had my six-shot venti latte in front of me.
LEO: Oh, yeah.
STEVE: That got me going in order to get there.
LEO: Lesson No. 1, never try to make coffee without being caffeinated, apparently. Heavily caffeinated. Steve's…
STEVE: That's called “booting,” booting your coffee process.
LEO: So what you're saying is this is your firmware, and…
STEVE: That's my BIOS. That's my BIOS, baby.
LEO: The other thing I wanted to mention is last week's episode, which, if you didn't see, do go see. It's a video episode.
STEVE: Oh. You're talking about the holiday episode.
LEO: Yeah, yeah.
STEVE: Yes. Again, fabulous feedback. Every - I've never - I hear nothing negative. Everyone who did say something absolutely loved our blast from the past, the so-called “time capsule episode” that was for you and me meeting the first time in the flesh, 15 years ago. And the shows from ZDTV, the commercials, a lot of them I left in just to sort of set the tenor…
LEO: That's kind of fun, isn't it?
STEVE: …of the time. Yeah. And talking about backing up hard drives to VHS tapes. It's like, okay.
LEO: Yeah. That was a good idea - then.
STEVE: Yeah. So…
LEO: I don't know, if you had those VHS tapes today, I don't think they'd be worth anything, but…
STEVE: I do have the one - I used to drive your production crew in those days crazy. I would, you know, I'd fly up on my own dime and be there and do the shows with you. All I asked for in return was the video.
LEO: Fair enough.
STEVE: I didn't know why, but that's what I asked for. Even when, years later, we were doing it in Toronto and then in Vancouver, I just said, you know - and I'd sort of just politely remind them with email, uh, can you send those tapes? And I'd get four a month. And so I've got all of them. So…
LEO: That's awesome.
STEVE: …we'll have plenty of time capsule episodes in the future.
LEO: That's great. But we do have some catching up to do because…
STEVE: Oh, my lord, yes.
LEO: What's surprising is normally in tech news nothing happens during the holiday break. But bad guys never rest.
STEVE: Oh, well, and it's funny, too, because - okay, so as I have been doing, “Today on Security Now!”: New Year's Eve at the Brick House, which we've already covered. 2013 was certainly not the end of annoying NSA news, not by a long shot. In fact, we have truly unsettling NSA news.
LEO: Oh, boy.
STEVE: It turns out that routers, many routers, are quietly listening on port 32764. We'll discuss that. We've got a note about Mozilla's screaming native code operation progress; Snapchat's massive 4.6 million username and phone number disclosure, involuntary disclosure; and even my long-awaited sci-fi reading guide and much more. So a ton of fun stuff to talk about.
LEO: We will begin the New Year, Security Now!, our 437th episode, in just a moment. By the way, our new time, too. So if you tuned in Wednesday to watch, and we weren't there, that's because we're on Tuesdays now, and not at 11:00 a.m. anymore, but 1:00 p.m. Pacific, 4:00 p.m. Eastern time, 21:00 UTC. We do love you to watch live. That's my preferred thing because you can interact. I can watch the chatroom and so forth. But if you cannot, fear not, because of course on-demand's always available after the fact.
STEVE: And you know, I'm glad you mentioned the chatroom because they were so neat during the New Year's Eve event. And I wanted to make sure that people who are in the chatroom understand the degree to which everybody there is dependent…
LEO: Oh, yeah.
STEVE: …on the chatroom. And you know that because, as I was, someone standing basically anywhere you are in the TWiT Brick House, there is a screen monitoring real-time chat somewhere.
LEO: Oh, yes.
STEVE: All you have to do, you can just look anywhere you are, and there is a scroll happening with what people are saying. I mean, so it really does, like, connect us in and make it an interactive process.
LEO: Yeah, you probably don't realize that if you're not in the studio.
STEVE: Exactly. That's why I want to make it really clear to people.
LEO: You don't watch the chatroom while you're doing your show because you're focused on what you're talking about.
STEVE: Oh, I just couldn't get it. Yeah, no, it would distract me like crazy.
LEO: Well, it's a skill I've learned. In fact, so much so that I can't do it without the chatroom. I don't know if people know this. We don't usually talk about when we're DDoSed, but we did get DDoSed during the show, during - I can't remember what it was. But during one of the shows, maybe it was TNT. And Sarah Lane and I, both of whom live on the chatroom all the time, the chatroom was down, and we were both thrown. And Sarah said, “Where's the chatroom?” And I said, “It's down, just ignore it.” And it's funny, it's like if you've been doing a Broadway show in front of a sold-out crowd for years, and then suddenly there's no one in the theater. It's weird. So, yeah, that's why the chatroom kept dropping connections. Occasionally this does happen, we get DDoSed. But we have DDoS protection. We flipped the switch, and it was fine. I'm not sure what was going on.
STEVE: I just wanted everyone to know that, I mean, it's a crucial part of the operation there.
LEO: Absolutely. We adore it. We adore it. Let's get to the security news. There's quite a bit of it. Leo Laporte, Steve Gibson, Security Now! on the air. Let's catch up. What did we miss last week?
STEVE: Okay. So, many of our listeners were concerned when I said at the end of 2013 that we would not turn this into the NSA Now! podcast. And so I got a lot of this through Twitter. And so I was tweeting back, no, don't worry. If stuff continues to happen, we'll absolutely cover it. Well, boy. So first of all, don't anyone worry. In fact, next week is just going to be a deep dive into one of the stories I'm going to discuss this week, but kind of cover the surface of it because there is so much there, I just haven't had time, I haven't set aside the amount of time I'm going to need to give it the kind of coverage I want.
But first, what has to be the most disturbing news of both the old and the new year was something that came to light through a Reuters story and surprised everyone, that RSA, the famous cryptographic research and cryptography commercializing company, founded by serious academic cryptographers who developed a lot of these technologies, accepted $10 million from the NSA in order to set that weak pseudorandom number generator as the default, we believe. That's what this Reuters story alleges. Which is to say - now, okay. To remind people a little bit, there was a set of four pseudorandom number generators that the National Institutes of Standards and Technology (NIST) was establishing as standards. People could use them, and they were saying they generated really good random numbers.
So when we've covered this, as we did in 2013, and in fact even before that, when the first concerns about this so-called “dual elliptic curve deterministic random bit generator” came out, I was the one who said, “Don't worry about this. Nobody in their right mind would use this one.” There were four, and this was the weirdest and slowest of them. Even if we didn't know that it had been potentially and apparently compromised by the NSA, you don't want a slow random number generator that's no better than the faster ones.
And so I was thinking no one would use it. So it's like, okay, so it's there, and maybe it's been corrupted by dark forces, but who cares. Well, it turns out we then learned it was the default, which, like, okay, that's - you know. And then on the podcast before, last year, I was saying, well, these are smart cryptographers. Why is it the default? How do you explain that that's the default?
And then the other shoe dropped. And while $10 million may not seem like a lot of money, the year that it was paid, that was one third of RSA's annual revenue. And there's a lot of expenses that go against revenue. This was expense-free. They had to set a bit somewhere in order to have that be the default random number generator that you get when you use their BSAFE library. And I haven't mentioned this or shown this before, Leo. But I own the BSAFE library.
LEO: Oh. Oh.
STEVE: I mean, this is it. I mean, this was the standard of cryptography at the time. I purchased it years ago. And in fact the copyright on this copy is 1992. I looked this morning, yep, copyright 1992.
LEO: So that predates this arrangement.
STEVE: Exactly. And here on the page of random number generators, they only have two, and they are hash-based pseudorandom number generators. So that's before all of this happened, and it was pure then. Subsequently, here is a page from release notes of RSA BSAFE. This particular version of BSAFE is called Share for C/C++ 1.1. And in the release notes, the very first item under Content says New Features, and the second item is Changes. And on Page 2, which is where we get Changes and New Features, the very first item under Changes says: “The changes in this release of Share for C include” - the first one - “all random numbers generated for use in Share for C are generated by the dual elliptic curve (EC) deterministic random bit generator (DRBG) using the P-256 prime curve.” And it says, “(128-bit security strength by default).” So that is exactly, I mean, this is, and this is dated 15th of September, 2009.
LEO: Oh, man.
STEVE: So that's, I mean, that was the page from the release notes showing the change when this happened about five years ago. So the wording of this in the article I thought was really perfect. So I'm just going to share this. This is exactly as Reuters wrote it. They said: “An algorithm called Dual Elliptic Curve, developed inside the NSA, was on the road to approval by the National Institutes of Standards and Technology (NIST) as one of four acceptable methods for generating random numbers. NIST's blessing is required for many products sold to the government and often sets a broader de facto standard,” meaning within the entire computer industry, which certainly is the case.
“RSA adopted the Dual_EC_DRBG algorithm even before NIST approved it. According to an official familiar with the proceedings, the NSA then cited the early use of Dual Elliptic Curve [PRNG] inside the government to argue successfully for NIST approval. RSA's contract” - that is, this one for which they received $10 million - “made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than the technologists. 'The labs group had played a very intricate role at BSAFE, and they were basically gone,' said labs veteran Michael Wenocur, who left in 1999. Within a year, major questions were raised about Dual Elliptic Curve. Cryptography authority Bruce Schneier wrote that the weaknesses in the formula 'can only be described as a back door.'”
So what we have is sort of a classic bureaucratic bureaucracy management where the technologists weren't involved, whereby paying RSA to make it the default in their package. After BSAFE was then in use, and it wasn't yet approved, the NSA got it approved, got the NIST to approve it because it was in use. And it was in use only because RSA had been paid $10 million to put it in use. So, I mean, it's stomach-turning.
LEO: Wow, yeah.
STEVE: Yeah. And I want to draw some contrasts here because we're going to be talking about the Der Spiegel article here in a minute, and the amazing revelations there. This is of concern because what we believe is that this then widely used package became the core random number generator, like throughout the industry, and that the NSA had unique knowledge of RSA's documentation, and they believed I'm sure that it gave 128 bits of strength. It is probably not 128 bits strong if you know the way in which it's biased. And it's probably been biased deliberately.
I mean, there was really no evidence, even as suspicious as we were of it, there was no concrete evidence. But the fact that it's the slower of the four - and the other three are based on sound technology. They're based on hashing, or they're based on a good cipher. Running a cipher, using a cipher with a key to generate pseudorandom data is absolutely an acceptable, bulletproof way of generating that data. If the cipher is good, the pseudorandom data will be good, too. Similarly, running a hash in a cycle where the output goes back into the input, if the hash is a good hash, you're going to get out really good pseudorandom numbers. Or if you want to key it, you use an HMAC, which is basically a means of mixing a key in with the hash and, again, putting in data that will come out pseudorandomly. Those are all recognized strong techniques.
And then out of right field comes this thing that the NSA designed and wants added, and then arranges to make the default, even though it's unproven and unprovably secure, where the other ones are, and the slowest of all of them. So, I mean, if we didn't have enough reason already to be suspicious, the fact is that now we get this report from a very reputable source. And people have since been interviewed, and they've said, yeah, uh, yeah.
LEO: Yeah? Yeah? Yeah?
STEVE: And RSA's conference is coming up at the end of February, the annual 2014 RSA Security Conference.
LEO: Oh, that's going to be interesting.
STEVE: Well, several major speakers have dropped out in protest.
LEO: This is so damaging.
STEVE: I know.
LEO: True or not. And I think it probably is true. But true or not, this is so damaging to U.S. interests.
STEVE: Yeah. Yeah, well, wait till we get to damaging to U.S. interests. That's our next story. I will note, however, for anyone who's attending, don't leave the conference early because he'll probably be pretty funny. Stephen Colbert has been confirmed as the closing keynote of the conference. And so lord knows what he's going to do.
LEO: It's all showbiz now.
STEVE: I hope the RSA knows what he's going to do. Yikes. Sorry for a little noise here in the background. We have a garbage truck is going to empty some cans. Okay. So, next up. And this is what I want - I need to look at this more closely than I have been able to, and I will do it for next week because it fascinates me, and we can't do it justice along with everything else we have to talk about this week. So this is the tease, the setup, essentially, for next week's episode. And this is the so-called ANT division of NSA, whose catalog of exploits for nearly every major software and hardware and network came to light from an article in Der Spiegel.
And I tweeted this. I guess I just tweeted the link to the catalog this morning. As we have been doing now, this is the fifth episode where I have been posting the same show notes that you and I are reading right now, Leo, as part of the material over at GRC for the episode. And I tweeted the link to the show notes before we began so that people who are watching in the chatroom can also read along. I created a bit.ly shortcut for this catalog, so it's bit.ly/, all lowercase, nsa-ant [bit.ly/nsa-ant]. And this is a WordPress blog that's leaksource.wordpress.com is where that bit.ly expands to. And it truly makes your head spin, to the extent that Bruce Schneier, who has also not been happy as a consequence of the Snowden leaks and everything that has come from it, Bruce is now doing a blog post a day to take each of these on in turn.
So to give our listeners a sense for it now, what this page describes, what it contains is a series of image slides from this catalog which lists dates when the exploits are becoming available, what versions they're in, how much they cost. Some of these are $30. If you just want a cable that allows you to spy on the video information going by, that's 30 bucks. If you want your own GSM cell tower, that'll be $40,000. But you can order one if you're an NSA division that needs that, and they've got one. So these all go by two-word concatenated code names like DeityBounce, or IronChef, or FeedThrough, GourmetTrough, HalluxWater, JetPlow, SouffleTrough, HeadWater, SchoolMontana, SierraMontana, StuccoMontana. They were happy with these Montanas there for a while.
LEO: They like Montana.
STEVE: Yeah, the CTX4000 is a model number of - I think that might be the cell tower or something. It's data collection.
LEO: As Schneier points out in this, though, these are all retail attacks. They're targeted attacks; right?
STEVE: Yes. And so that's - so let me get through this really quickly. So LoudAuto, NightStand, NightWatch, PhotoAnglo, Sparrow II, TawdryYard, Ginsu, HowlerMonkey, IrateMonk, JuniorMint, I mean, some of these are going to go down in history. Maestro-II, SomberKnave, Swap, Trinity, WistfulToll, SurlySpawn, DropoutJeep - and we're going to cover that specifically in a second because that's about iPhones and generated a lot of news over the holidays. GopherSet, MonkeyCalendar, Picasso, ToteChaser, ToteGhostly 2.0, CandyGram, CrossBeam, Cyclone Hx9, EBSR, Entourage, Genesis, Nebula, Typhon HX, WaterWitch, CottonMouth I, II, and III…
LEO: I can't keep up.
STEVE: …FireWalk and RageMaster. I mean, and this is, I mean, it sounds like a joke, but it appears absolutely authentic. And we skimmed over that. But the reason I need to give it a podcast, our listeners will understand next week when I do because there is a disturbing level of detail specified about each of these, what they do and how they work. And what I want to get from studying this, and what I want to share, is sort of the overall gestalt, the mindset; and, stepping back a bit from it, what lessons does this teach us. But what's worth mentioning, Leo, you started into, which is I consider this very different from a deliberate attempt to weaken a random number generator that the entire industry and world uses. And as you said, this is targeted.
This is the NSA wants to penetrate a BigIron Juniper router, and one of these projects allows a division to purchase that technology, or sometimes it doesn't cost anything, to acquire that from this division of the NSA that designs penetration technology. And again, remember that these are exploits for nearly every major hardware and software package. All the router technologies, all, I mean, like the stuff we use all the time. There are fake cell towers, cell tower technologies in a package that the NSA can set up when they want a bad guy's phone to connect to them rather than a real tower.
There's no evidence of collusion on the part of the companies whose material has been hacked. And more and more, I mean, with the exception of the government letters which go to companies which prohibit them from mentioning that they've received one, but which specifically requests data in a certain case, it really, I mean, it is looking like these companies are really taking the brunt of the damage because, even though no one now thinks that they were complicit in this, it's looking like the NSA has really strong hackers who are able to dig right through secure firewalls.
So, I mean, one of the things we see often is BIOS-level attack. And so many of these, as I was scrolling through, generating that list, I was seeing essentially the same graphic, with small variations, recurring. And it looks like - and I'll have an absolute grip on this and grasp of it next week - that one of the things the NSA likes to do is get in and modify firmware. That seems to be one of their approaches is they will launch a targeted attack at a person, and that person will execute code which gets under the OS, down to the motherboard, makes some changes in the firmware, and then that enables a persistent - gives the NSA persistent access to that platform.
But the point I didn't finish making was that modifying a random number generator that everybody uses is really wrong in every way. I mean, it just - that's upsetting. The idea that the NSA probably had this was something we all probably thought. I was never imagining that the NSA was paying RSA $10 million to give the entire world crappy random numbers in a way that they could leverage.
But the idea that there was a division like ANT, the ANT division, that was cooking these other really cool penetration technologies up, that's what we hoped, that's how we hoped our dollars were being spent because they are targeted. They're not blanket monitoring everyone's telephone metadata in the world. It's we think this guy is bad; we need to get in and monitor him.
So next week I'm going to break all of those acronyms down, not individually because there's too many of them, but it's not really necessary. I want to be able to explain to our audience what the NSA wishes we didn't know, which is exactly what this means. What does this mean, essentially, that they're able to do this? And what are they able to do, based on the catalog that is now in public view? But one of those stood out over the holidays, and that was called DropoutJeep. And the question arose, does the NSA have total iPhone access? And it looks like at one point they did. We don't know where they are today.
LEO: That's one thing to mention on all these slides, is they're old. And DropoutJeep is 2008, the second iPhone.
STEVE: Yes. It came out a year after the initial introduction of the iPhone. And remember that another thing we talked about is we know that there are baseband processor vulnerabilities. That's not the ARM7 that Apple is using. That's some component which is actually probably a Snapdragon or some Qualcomm chip because Qualcomm was big into cellular technology. And so it's, like, in charge of all the cellular communications. The ARM7 processor is, like, making icons look pretty. It's all eyewash and GUI stuff, and it's what all of the iOS apps run on. Whereas this Qualcomm or Snapdragon processor, that's the so-called “baseband” processor, and we talked about that a few episodes back, which no one really pays attention to, and the NSA is probably glad because that's very likely their way in is through this aspect that we're just not looking at where everyone's worrying about, oh, is my 16GB encrypted when I type my four-digit passcode, and the NSA's going, uh-huh, good luck with that. We're not worried about that.
So what we know is the NSA had worked on software that would allow it to remotely retrieve, and this is from the reporting over the holidays, virtually all the information on an iPhone, including text messages, photos, contacts, location, voicemail, and live calls. So the slide, of these many for DropoutJeep, says - and here you get a sense for the jargonism of the NSA. It's a StraitBizarre, that's another concatenated pair of words, S-t-r-a-i-t, StraitBizarre - that's a noun, apparently, in this jargon - based software implant - and that's a word we see, the NSA uses the term “implant” for this kind of exploit - for the Apple iPhone - and I'm reading from the slide - operating system, and uses the ChimneyPool framework. DropoutJeep is compliant with the FreeFlow project. Isn't that nice. Therefore, it is supported in the Turbulence architecture.
And so we have a block diagram, six blocks connected in a circle so that they're chasing their tail. It starts with the NSA ROC Operator. Then that has an arrow pointing to the Load Specified Module, which then goes to Send Data Request, which then links to iPhone Accepts the Request, and then Retrieves Requested SIGINT Data, and that points to Encrypt and Send Exfil Data. We know that that's exfiltration, meaning out. And then that returns, the final arrow returns us back to NSA ROC Operator.
So what that is saying is that, once an iPhone has had this implanted in it, the DropoutJeep StraitBizarre implanted in it, then in real-time the NSA ROC operator can query that iPhone over its communications protocol for whatever they want. And so below this diagram it says “DropoutJeep is a software implant for the Apple iPhone that uses modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, et cetera. Command, control, and data exfiltration can occur over SMS messaging” - okay, slowly - “or a GPRS data connection. All communications with the implant will be covert and encrypted.” Don't we wish our own communications with an iPhone were.
“The initial release of DropoutJeep will focus on installing the implant via close access methods. A remote installation capability will be pursued for a future release.” So that's what we know. I mean, that gives you a sample, a feeling of one of those incredible number of exploits that are available in the catalog.
LEO: But because it's old, that's a snapshot of what they could do in 2008. I mean, presumably they're keeping this stuff up to date and can do more, and work with more modern operating systems, et cetera.
STEVE: Yeah. Yeah. And, I mean, if we've learned anything over the years that we've been looking closely at security on the podcast, it's that very complex software, and unfortunately all of our software today is very complex, has bugs. I mean, it's not yet the second Tuesday of the month. That'll be - or is it? No, it's not. That'll be next Tuesday. And Microsoft will roll out their bugs du month for us at that point. And, I mean, there's never been a month without them.
And all the other software products that are really complex have problems. So if you have enough money, and you are sufficiently motivated, really it's hard to argue that there isn't a way in. And so basically this is the quiver of arrows that the NSA has created for themselves and, as you said, Leo, even though these are old, has doubtless been creating even more frantically recently as the ante has been upped on this and as they've been able to obtain more money and budgets and more technology. And look at the center that they're building down there in Utah for this. So, yeah. Wow.
Another little bit of news came up, and that was - it sort of put me in mind of the question, when is a power light not a power light? And the answer is when it is separately controlled by firmware.
LEO: I know where you're going with this one.
LEO: Didn't we have this discussion when we first talked about the idea of taking over webcams?
LEO: Could you do that without tripping the red light?
STEVE: Exactly. And of course my advice, which has stood the test of time, is put a sticker over it.
LEO: I think it will continue to stand the test of time.
STEVE: Yeah. I mean, it's still not the case, from what I've seen, that laptops have a mechanical shutter. But they absolutely should.
LEO: Some do. They're starting to do that, yeah.
STEVE: Oh, good. Good, good, good, good. They absolutely should. I was going to mention the laser that I own, the very high-power laser, which has triple interlock, as law requires. And one of them is a delay. When you press the button to turn it on, there's a legally enforced delay before it engages. It also requires a key, separately from the button, a key switch that must be engaged. And law requires a physical shutter over the front. And this is why. I mean, obviously, if that shutter is closed, doesn't matter what happens electrically, you've blocked it. You've blocked the photons. And what you want is a reliable photon blocker, folks. You do not want to trust, unfortunately, the technology.
So here's what came to light. It turns out that it is possible, sadly, but hardly surprisingly, to turn on webcams and the cameras on devices. And again, we presume that any device with a light, maybe it can be controlled separately. Wired.co.uk had an interesting article, actually it was late last year, but I liked their description so I want to share it. It's perfect, and we'll discuss it a little bit more. It says: “One signal wire line” - and this is the actual design, and I think this was an early MacBook. Yeah, I'm sure it was a MacBook. “One signal wire line joins the USB interface chip to an input on the imaging sensor” - and that line is called “standby,” or that input is called “standby.” “When the line is held high by the interface chip, the sensor is put into standby mode and thus stops producing data. When [that line is] held low, the sensor is taken out of standby mode and starts [streaming] data. The same line is also wired to the negative side of an LED.”
And actually that's just what you want. So the positive side of the LED is connected probably through a resistor to 5 volts. The negative side is connected to this wire. So when that line is high, it'll be the same. The negative side to the LED is at the same voltage as the positive side. Thus the light is off, and the imaging chip is off because it's getting the high, standby-enabled signal. When that line is pulled low, then the imaging sensor is taken out of standby. And now the LED has voltage across it, probably 5 volts, because the bottom of it is being held at ground, held low, so the LED is on. And now, okay, that sounds great; right? So that whenever the sensor is taken out of standby, the LED is going to be turned on. So in principle this should serve as a hardware interlock.
Unfortunately, the whole system is controlled by a layer of software. When the device driver for the camera is loaded, the host PC uploads a small program into the USB controller. It doesn't have any permanent firmware storage of its own. So it needs to be loaded every time the camera driver is loaded, whenever the machine is turned on. This small program, in turn, configures the imaging chip. The imaging chip doesn't have too many configurable properties. But one thing it does have is whether or not it pays any attention at all to the standby input.
LEO: Why would it pay any attention?
STEVE: So you can disable, in software, the standby input, then not bother bringing it down to take it out of standby; and thus, turning the light on, leave it up as if it's in standby mode, thus suppressing the LED. Yet, if you've changed the firmware associated with the driver, you're streaming data anyway.
So the Wired.co.uk article continues, saying: “Apple's own drivers set a configuration where standby is respected. But other configurations are possible, such as one where the chip ignores standby entirely and always produces image data. With this knowledge in hand, the researchers” - the researchers this article is citing - “wrote a new piece of software to upload to the webcam. This piece of software was much like the normal webcam software, but with two differences: First, it told the imaging sensor to ignore the standby input; second, it ensured that the standby line was always held high to prevent the LED from ever illuminating. Result: a webcam with a hardwired LED indicator that nonetheless allowed image capture without the indicator LED ever illuminating.”
LEO: So I have to tape everything over now.
STEVE: We really do. I mean, that is, again, as I said, the original advice stands. You just, I mean, and why not? I mean, unless you're really using your camera all the time, just put a Post-it note over it. Jenny got freaked out because she got some junk, some malware on her laptop, and it was that one that - it was extortionware that said, oh, it alleged to be from the FBI. And because this was your first offense, you could send them money, and then they would let you off the hook.
LEO: Yeah. She's not running a Mac?
STEVE: No, she's still - she's a Windows person. I have asked her about that because I think a Mac would make a lot of sense for her, too. But this also - so it showed some really distasteful images of child pornography which it said it found on…
STEVE: Oh, yeah.
LEO: That's a new thing. That's disgusting.
STEVE: Yes, it alleged that it had found on her computer, and of course it didn't. But it also showed a picture of her, sitting in front of her laptop. So this thing had used her camera in order to snap a picture of her, to increase the credibility and horror factor of this. And so anyway, just putting a Post-it note, a little piece, just a little one-quarter by one-quarter, just snip off the sticky end of a Post-it note and just stick it over the hole. And it peels off easily, if you ever want to use the camera. But just leave it there, and every time you see it you can just sort of smile to yourself and say, yup, nobody's looking at me. Have to do it.
STEVE: So 32764, Leo.
STEVE: Yes. Now, I know that you are thinking, ah, that's the zip code of Deltona and Osteen, Florida.
LEO: Oh, of course.
STEVE: And you would be correct. But it's not what we're talking…
LEO: There's more to it than that?
STEVE: It turns out it can also be a port number because it's in the range between 0 and 65536, as actually are many zip codes. 32764 is interesting to me because, being Mr. Binary, we all know 32768 is an even power of 2. It is 2^15, which is 32768. So this is four less than exactly midway in the port range. So it's like it's four below the exact centerline of ports 0 through 65535. A well-known hacker named Eloi Vanderbeken posted a note on GitHub when he discovered that his Linksys WAG200G wireless DSL gateway was, for no reason he knew, listening and accepting TCP connections on that port. There's no purpose for it, no reason for it. He then discovered that this was also true of Linksys, Netgear, Cisco, and other routers.
Now, this is important, listeners. When I first saw this, it looked like it was LAN only. It turns out it is not LAN only. There are at least five known routers that have this port exposed on the WAN interface of the router, meaning the public Internet: the Cisco WAP4410N-E, with a bunch of firmware models, 2 point something something somethings; the Linksys WAG120N; the Netgear DG834B; and the Netgear DGN2000, with a bunch of firmware models; and, finally, the OpenWAG200. There are many more routers that are exposing this mysterious port on the LAN side. I mean, like 30 or 40, a huge list. All you have to do to get more information is put in the zip code of Deltona and Osteen, Florida, into Google. You put in 32764. Just google “32764.” The first link up currently is the link to the GitHub page. The second and third links are, not surprisingly, relating to real estate in Florida at that zip code.
So what you should do is simply use ShieldsUP! immediately, unless you know you don't have a problem. That's what ShieldsUP! was designed for. And I have a custom port probe as one of the many tests there. So just go to GRC.com, navigate through ShieldsUP!. You'll come to a dialogue with a bunch of buttons. Put “32764,” and then click “probe my port.” And actually you could do it with a URL. I've got a direct probe port URL. I think you just go GRC.com/portprobe=32764.
LEO: Oh, that's nice.
STEVE: So you can just do it that way. And why don't you - can you try that, Leo? I mean…
LEO: Yeah, that's a good question.
STEVE: I should have been a little more prepared here.
LEO: Yes, it does.
STEVE: Yay, it does. There it is. And then…
LEO: Well, it gives you the database; right? I mean, does it do the probe?
STEVE: And so then click “Probe THIS Port.”
STEVE: And, [sound].
LEO: [Sound] Got it.
STEVE: That's the sound.
LEO: That's the probe porting sound.
STEVE: Oh, you do a /x/ and then portprobe=32764, and it'll do it.
LEO: All right.
STEVE: And I got a stealth on my network. And hopefully that's what everyone gets. Stealth or at least closed is what you want. So GRC.com/x/portprobe=32764, and you can instantly check to make sure your router doesn't have that exposed publicly. That's the big concern. Now, so here's the strange thing. Oh, and you're stealth, too, Leo.
LEO: I am indeed, yeah.