SERIES: Security Now!
DATE: February 24, 2015
TITLE: Listener Feedback 207
SPEAKERS: Steve Gibson & Leo Laporte
SOURCE FILE: http://media.GRC.com/sn/SN-496.mp3
FILE ARCHIVE: http://www.GRC.com/securitynow.htm
DESCRIPTION: Leo and I discuss the week's major security events and discuss questions and comments from listeners of previous episodes. We tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world application notes for any of the security technologies and issues we have previously discussed.
SHOW TEASE: It's time for Security Now!. Steve Gibson is here. Oh, yes, of course we're going to talk about Superfish and Komodia and what it really means. And of course nobody better to do that than Steve Gibson. Then 10 of your questions; 10 of his answers. A great Security Now! is coming up next.
LEO LAPORTE: This is Security Now! with Steve Gibson, Episode 496, recorded Tuesday, February 24th, 2015: Your questions, Steve's answers, 207.
It's time for Security Now!, the show where we cover your security and privacy online with the guy who knows more than anybody else out there and is a great Explainer in Chief, Mr. Steven Gibson of the Gibson Research Corporation. Hi, Steve.
STEVE GIBSON: Yo, Leo. Great to be with you again, as always. And we have such a great show that I considered dropping the Q&A to next week, except that next week we may even top this one. As I mentioned a couple weeks ago, “60 Minutes” did a segment which was really unnerving, where they had a group on, talking about in this instance car hacking, who disabled the brakes on an unlabeled vehicle. It had a manufacturing label on it, but they, like, blacked it all out with tape because they didn't want to embarrass the maker of this car.
LEO: Although, as you pointed out, if you knew anything about cars, you probably could figure it out; right? Yeah.
STEVE: Yeah, I'm sure it's, like, everybody except me knew what that was. All of the hybrids sort of look the same. They've got this weird sort of hybrid look to them. And so this was, I think, one of those. And they told Lesley Stahl, who was doing a segment on “60 Minutes,” to stop in front of the orange cones. And so she puts her foot on the brake and runs right through the cones.
STEVE: Anyway, it turns out that this group that were, I guess they were a subcontractor or hired by DARPA to do the research, are fans of the podcast. We're going to have them on next week to talk about…
STEVE: Yeah, to talk about…
STEVE: …carjacking. And actually they wanted to broaden it a little bit. They're also big fans of and [clearing throat] I guess have done some work on drone hijacking.
STEVE: So we're going to talk about vehicle hijacking, vehicle hacking. And because they're - it's funny because when we were talking, going back and forth in email, the guy said, well, one of the main techies managed to get one line into the “60 Minutes” program. You know, it's like, yeah, that's a problem. And I said, oh, yeah, I said, you know, we've all done interviews where they interview us for half an hour and then almost all of it winds up, as they say, on the cutting room floor.
So but for this podcast, because we're techies, we're going to get the whole scoop on, like, what they actually had to do to take over the cars, and what the state of that is. One of these guys is ex-NASA and knows all about what it takes to do formal proving of security because they had to do formal proofs of, like, space shuttle software correctness in order to get, you know, not to have, like, oh, wait, we need a patch for this? No, we can't have any patches on this space shuttle software. So a great podcast next week, and everyone's going to want to catch it.
But this week, of course, we had not only our regularly scheduled Q&A 207, but major, like, everybody was buzzing. In fact, Twitter was really unusable for me for a day while everyone who follows me wanted to make sure that I knew about what I'm calling Lenovo's big mistake because I think that's probably the best way to characterize it. And then we have another stunner from Edward Snowden. We've got TrueCrypt back in the news in a good way; the fact that the HSTS support is gaining its final major adherent; some tidbits and follow-ups; and then, of course, 10 questions from our listeners. So not a dull second, I think, this week.
LEO: Yeah. You've got people glued to their sets. Do you use a set?
STEVE: It's funny because I asked my sister years ago, when my niece and nephew were in high school, I said, “What channels do they watch?” And she says, “Oh, they don't watch TV.”
STEVE: “They watch their laptops.”
STEVE: They cut the cord, like, long ago. So you need to turn the volume up on your laptop.
STEVE: And play this YouTube link which is the first thing on the show notes here under “Komodia.”
LEO: Oh, lord, lord, lord.
STEVE: It's only about a minute. It's about a minute and a half.
STEVE: But it is just a hoot.
LEO: All right. YouTube.com, let's look.
MALE VOICE: So you want to develop a network interception application like parental controls or anonymizers. Maybe you want to do it yourself, or you've already got a working proof-of-concept on a virtual machine supporting one or two browsers. Now the fun begins. You've got to ensure you're supporting all the current OSes and the 64-bit flavors. What about the five leading browsers? And you'll want minimal conflict with the top 40 antivirus products. Could be you want to support HTTP decoding and SSL decrypting. And that's going to get really complex. You could skip doing all this QA, but do you really want your clients doing the QA for you? Twelve to 18 months go by, and finally you can get to work on your core application.
You know, there is an easier way. Introducing Komodia's Redirector [Leo yells], the network interception SDK that allows you to develop your solution instantly. It's used by more than 100 clients, including some Fortune 500 companies, to develop parental control software, anonymizers, game acceleration, and other custom solutions. By using Redirector, you can focus on your core application without getting into technologies like LSP or WFP. With a simple-to-control interface, you can intercept website traffic and network applications [Leo: Oh, my god] from any programming language.
So where do you want to be in the next year and a half? Slaving away with the QA, or launching your product? Make the right choice. [Leo: Oh, my god] Komodia's Redirector. [Leo: Oh, this is…] Get your free 14-day trial now.
LEO: Oh, this is not a joke. That's an ad for Komodia.
STEVE: It is a professionally produced, high-quality ad, basically saying we're producing an SDK which will keep you from having to roll your own. And what happened was that, among many other companies, if we believe them a hundred others, a company called Superfish said, well, we can barely get out of bed in the morning, so we're going to use the 14-day free trial that Komodia is making available, and we're going to wrap our product around that because, boy, that really sounds like it will do the trick and save us all that time independently developing that ourselves.
LEO: Can you explain what it did, too? I mean, I, you know…
STEVE: Oh, yeah. We're going to get there.
LEO: Good. All right, all right.
STEVE: Oh, yeah, yeah. And then along comes Lenovo, who, like so many companies today, is adding crap to their product. I mean, I'm having to - every time I update Flash, I've got to prevent Adobe from installing a trial version of Norton Antivirus on my computer. It's like, turn that off. I don't want that. But unless I'm careful, I get it. And we've talked about all of the crapware, which is probably the best term for it, which is being installed on stuff, retail things that we purchase.
LEO: Did you hear…
STEVE: I've heard everything you've said about it since you heard about this.
LEO: …what Rene Ritchie pointed out from the How-To Geek, remember, How-To Geek did a great piece where they used CNET's Download.com to download a file, and the top 10…
STEVE: Top 10 Downloads.
LEO: …loaded with stuff. But they just updated that piece to say, and by the way, two of the adware programs that you get by using Download.com have Komodia in them.
STEVE: Yeah, yeah. Okay. So…
LEO: So this is everywhere.
STEVE: So my take is that, first of all, it was going to come to light sooner or later, and Lenovo happens to be, as we know, they're now the number one PC producer; right? Or they were until last week. And they unfortunately chose to preload Superfish onto people's systems, and Superfish uses the Komodia SDK, the ad for which we just heard or saw, in order to pull this off.
Now - so, okay. First of all, the greater concern, the sort of overriding concern is that, to some degree, this is a generic response to the same problem the NSA has been complaining about, that is, the NSA has been complaining about - or in general law enforcement, the three-letter initial organizations. Law enforcement generically has been increasingly upset that, in their term, the problem of the Internet going dark because we are increasingly bringing up security. We've got efforts that'll be going online a few months from now from the EFF, the whole adding the technology to essentially make encryption free. It's traditionally not been free because you have had to purchase certificates of varying grades and quality and repute from certificate authorities. And in order to drop the friction of going to TLS to zero, the EFF is going to be doing this “we all encrypt” effort to essentially automate with your server the process of getting and maintaining an SSL certificate.
So even before that, you know, there's been major efforts to move us to security. Google, to their credit, has been pushing this, and maybe overly pushing it, but still pushing it. And the whole HSTS, the HTTPS Everywhere effort, and all of that.
LEO: As somebody said, five years of progress in securing your transactions out the window in one fell swoop. I mean…
STEVE: Okay. So the point is that the Internet is going dark, and law enforcement has been affected by this. But so, too, have other services which we have traditionally relied upon. For example, antiviral software is also doing this. Antiviral software is installing a certificate in our browsers in order to crack open our secure connections in order to do AV scanning inside of SSL tunnels.
So I sort of want to put this in context. We're going to talk about what an extra unbelievably awful job Komodia has done. But the overall view here is that things that we say we want, no one is saying they want visual discovery, which is the Superfish product, which was wrapped around or layered on top of Komodia's odious HTTPS proxy. But I'm seeing HTTPS proxies now being installed by AV software because that's the way they're choosing to solve this problem in order to have visibility into the increasingly SSL/TLS connections that browsers are making.
LEO: Yeah, but I did not ask my antivirus to watch my SSL streams. Who, I mean, do you really want that?
STEVE: That's the default. When you install…
LEO: I don't - but I didn't ask it to do that. Well, I don't use antivirus. But if I did, that's not what - I want to look at why do they want it to do that?
STEVE: Many, well, AV tools, as you know, for years have been filtering our Internet connections, trying to catch this stuff before it gets into our computer. And so if we're saying yes, we want you to monitor our use of the Internet; we want you to block, you know, downloading things. We want you to see that something coming in is bad, really on the fly, before it has a chance of landing and being executed. That's what we're asking for. And so that's what these things are doing now.
LEO: So we are asking for that.
STEVE: We really are, yes. And I found myself - I'm thinking, what was it I just - it might have been Malwarebytes. I turned that off because I knew to turn it off, but it was on by default. And so this is the way this problem is being solved.
LEO: Is it possible to do this safely?
STEVE: Okay. So let's talk about that. The jargon that we saw explode across the Internet was “man-in-the-middle attack.” And while it's technically true, the man that's in the middle is installed on your computer. So this really wouldn't, if done correctly - if done correctly. And that's the key. It's unnerving that all of the certificates that you see when you look at websites are actually signed by your AV. And there is a tremendous responsibility on the AV product to do it correctly because it is so much easier to do it incorrectly. And that's the path that Komodia took. And that's what's actually mostly upset security researchers because, for example…
LEO: Well, there's also the larger issue of, yeah, Komodia is a man in the middle on your system. But it then passes it on to Lenovo or someone, a third party. So it's acting as a man in the middle for somebody else. Presumably your Norton is not doing that.
STEVE: Okay. So the reason everyone's sort of trying to gloss over this is it is complicated. So what any of these things do is they put a certificate in your OS. Now, we should note, this is also what corporations are all doing now because again, they have no choice. Their network's users' traffic is probably mostly today, but probably all in some not too distant future, going to be over secure connections. The corporate IT guys were becoming increasingly blind to what their own corporate IT traffic was. They want border AV. In order to do border AV today, in 2015, you need to crack open SSL connections. And sadly, there's no next level of encryption unless you do something special. That is to say, unfortunately, credit card information and usernames and passwords are being protected by SSL.
I don't want to put a plug in here for SQRL, but of course SQRL doesn't even need SSL to be secure. SSL is optional in SQRL because its own security is so strong, it doesn't rely on that. So using a different authentication system than just usernames and passwords and trusting the SSL encryption does protect you from this. But within a corporate environment, you probably have a certificate.
And in fact I've had the SSL, can't remember what I called it, page on GRC now for quite some time, for a year or so. When I realized this was going on - oh, SSL Fingerprinting. When I realized this was going on, I created a page to allow people to see whether anything was intercepting their certificates. Yup, there it is, Fingerprints. Because GRC has a view of unfiltered certificates, the actual certificates from the sites. And if yours doesn't look the same because a fingerprint cannot be forged, then something is interfering with yours. So nobody behind an AV system which is changing their certs will see the same fingerprint. Nobody using one of these Lenovo laptops or, unfortunately, any of these other hundred products, whatever they are, that is using Komodia, is going to see the same certificate.
Okay. So we want to believe that corporate AV proxies are doing a good job. We want to believe that AV, that is, the AV products we purchase and now probably pay an annual license fee, are doing a good job. Microsoft has a privileged position in Windows in that they don't have to do this in order to provide real-time Internet connectivity filtering, and their stuff does this. The problem is they're always a little bit behind the curve. It takes them a few months to, like, add awareness to this. And I did hear just today that they've added awareness for Superfish to whatever brand of AV they're now offering. So that was a pretty quick response. And fast response is what they're trying to do with their solution.
Okay. So what did Komodia do wrong? There it's sort of hard to know where to start. The first thing they did wrong - okay. So to understand the architecture, in order for these to function, your browser must have the public key of the certificate authority. That's the way the CA system works. So when we talk about the “root CA store” in any of our operating systems - Windows, Android, Mac, doesn't matter, iOS - the root CA store, those are all of the public keys belonging to the certificate authorities who have signed the certificates of remote servers. So when the remote server sets up a connection with us, they have - they've signed the certificate with their private key that they protect, I mean, that's the crown jewels of any of our certificate authorities. They absolutely protect it to their death.
And in fact they protect it so much now that the certificate isn't signed with their root, it's signed with a sub-CA because they don't even want to expose their actual root certificate to even their own signing process, they're so obsessed with security. Nothing gets their private key. So all we have is the public keys. But as we know, that allows us to verify the signature, that is, allows the web browser to verify the signature on the certificate for that site that we have received.
So if you're going to do an HTTPS proxy, if you're going to crack open SSL/TLS connections in order to see in them for whatever reason - in the case of corporate IT to filter the Intranet's traffic before it gets to you in order to look for malware; in the case of AV which you have installed on your machine, that AV tool installed a certificate in your root CA store - because they are going to - the only way this works to intercept, they're going to spoof the certificate from the remote website. When they see you wanting to create a connection, an SSL connection, they intercept that attempt, manufacture a certificate on the fly which they sign with their private key.
And this is the big weakness of all of these systems. That private key, which is never supposed to leave the depths of a real certificate authority, it must exist in that proxy in order to create spoofed remote server certificates, SSL/TLS certificates on the fly. Now, a good implementation of a proxy will create a unique public key to put in your browser, that is, to put in your root CA store. It'll create a unique key pair, a public key and a private key, every single time. The worst thing that Komodia has done is to reuse the same private key throughout their entire product suite.
LEO: So not only is it visible on your machine, but everybody's is the same.
STEVE: Yes. And the password that protects their private key that's in the Superfish software installed on Lenovo laptops and a hundred other software products is “komodia.” It took Robert Graham three hours of poking at this thing…
LEO: It's a great story, by the way. Read his blog post about how he found the password. It's great.
STEVE: Yup, yup.
LEO: He says, “I used ghetto tools.”
STEVE: Exactly. So basically he just said, okay, maybe the simplest dumb thing will work.
LEO: And it did.
STEVE: And it did. Yeah. And he basically…
LEO: So it's the same - now, what is the purpose of the password as opposed to the key?
STEVE: The purpose of the password is supposed to be to - you're supposed to have the password in order to decrypt the certificate's private key on the fly.
LEO: Ah. Oh, okay. Well, that's why you'd want to use the same one for every machine. Simplifies the code.
STEVE: Well, not only the same password. That would be bad enough.
LEO: The same key?
STEVE: But the same key.
LEO: The private key.
STEVE: Now, what does this mean? This means - this is like the Death Star scenario. This means everybody who has any version of the Komodia-based software, a hundred companies including Fortune 100 companies, we don't know, you know, doing parental control software - again, these companies do not roll their own. They say, ah, you're right. We saw the ad on YouTube. We want to save ourselves 18 months of painful cross-platform, cross-browser, cross-everything development. We'll take the 15-day free trial, get the SDK, fire it up. Oh, look how easy it is. Drop it in, off we go. We don't have to do all that. And every one of these products, based on this, has installed the same public key in the root certificate store on all these platforms.
So that it's very much like the Hong Kong Post Office problem except this is worse because at least the Hong Kong Post Office's private key is hopefully unknown. In this case, the private key, it took Rob Graham three hours, 180 minutes of just sort of trying stuff, and he now has it. In fact, it's on Pastebin. Everyone now has it. There's a link to it in the show notes, and all of our listeners…
LEO: In case you want it.
STEVE: …now have it, in case you'd like it. And this allows you to do anything you want on any of those machines. You can now create your own certificates for websites which all of those machines will trust.
Okay. Now, Part 2 of how bad this is, is that during this connection setup, it's now created a fraudulent certificate to make your browser happy. Now it turns around, and it connects to the remote server in order to make the connection to that remote server's HTTPS. Unfortunately, it's got the worst set of security ciphers ever seen. It still has 40-bit, four zero, 40-bit RC4 and MD5 hash as the cipher. Which, you know, which everybody can crack. It does 40-bit - four zero bit - DES, not even 3DES, just once. One DES.
LEO: What? No.
STEVE: I mean, these are ciphers from…
LEO: Is this a high school kid that wrote this? What is…
STEVE: …that everyone stopped using. Even I stopped using them 10 years ago, they're so broken. And this thing supports them all. So all that anyone would have to do is be connecting - now, okay. You would have to still have a server on the other end that agreed to this craziness. But this demonstrates how bad this software is, that it's willing basically to drop all the way down almost to no encryption in order to connect to the remote server and complete your connection.
So there is a site that I link to in the show notes here, Filippo.io/Badfish, which anyone can use. It takes a few seconds, and it will check your system for whether or not you've got Superfish, Komodia, there's another one called PrivDog which has come to light through all of this. That's another - it's a piece of software people install on their computers, not knowing what they're doing and how bad this actually is. And Leo, you just did it, and…
LEO: Now, I'm on a Mac. I'm not vulnerable. Or am I?
STEVE: Well, Komodia says you are. Mac was one of the platforms.
LEO: So they make a tool for Mac developers, as well.
LEO: Now, okay. So you raise a very important point, which I'm glad you did, which is that these so-called man-in-the-middle attacks, these self-signed certificates that companies put on there, are often used for good purposes. But it does point out that you have to trust, if it's your antivirus, that you have to trust that, not only are they trustworthy, but that they've implemented it in a trustworthy way, or didn't borrow Komodia code or something.
STEVE: Or they may even have the best of intentions.
LEO: With the best of intentions, right.
STEVE: They could also have bugs. They could have, like, for example, SQL Server, who thought that a database would cause such a problem?
LEO: Right, right.
STEVE: You know, because…
LEO: So should we just eliminate self-signed certificates? Is that a bad idea?
STEVE: I think it's really a bad idea. I think that, now, Windows apparently has some hooks in it. And I've not taken the time to dig in. But I remember when Microsoft was going to be doing this. They talked about making hooks available for traffic filtering specifically for AV. And I don't know why people are not taking advantage of it. But people aren't. They're just doing this.
LEO: So they don't have to be doing - you don't have to do this.
STEVE: No. I don't think you do. Because Microsoft still is smarting from those antitrust days, and they didn't want to have features in Windows that were exclusive to them. As Microsoft has crept into the AV filtering business in Windows, which they're now solidly in, they've had to make those same hooks available to other vendors.
LEO: Is there a way to go through your certificates on a system and see what certificates…
LEO: And delete ones you don't want?
STEVE: Yes. You can look at your root store. And I'm trying to think, what was it that I - oh, I know. It was on Jenny's laptop. Jenny's laptop got a bunch of crapware installed on it, both hers and her mom's. And I went through and deleted the - and it was doing this. In fact, it may have been, I'm afraid to say this, I think it was Malwarebytes. After I removed Malwarebytes, it left its public key certs behind. And so I went into the Windows - it's called personal - I think it's the personal certificates. Windows divides them up into different places. So you can see the ones that have been added. And they're pretty obvious that, I mean, they're not like DigiCert and Global Trust and Symantec. Or actually Symantec may have installed some, too. I think I have seen - although Symantec, it's VeriSign now, so that may be why those are there.
LEO: So would it say “Komodia” if you have a Komodia cert on there? Would it say it's from…
STEVE: It probably does. It probably just says hi, you know, we're Komodia, trust us. It's like, oh, no.
LEO: On the Mac, you know, you just go to Keychain Access, and you can see both your personal certs easily and other certificates that are installed, and you can go through those and remove those. So on a PC it's a file that you look at?
STEVE: No, you've got to go into…
LEO: Is there a tool?
STEVE: …admin tools. You can go in, it's the Certificate Manager. And I think…
LEO: Ah, okay. So you go to the administrator - you can right-click on your computer, select Properties, and then bring up the Certificate Manager there.
STEVE: Yeah, but it's not surfaced on all systems. Sometimes you have to go into the Run dialogue and go certmgr.msc or something like that, in order to get to the - but certainly you just Google how do I get to Certificate Manager in Windows, and there's lots of stuff there on the 'Net.
LEO: Sounds like anybody who listens to this show should be doing that. You're all sophisticated enough to do that.
STEVE: I really - yes. I absolutely agree.
STEVE: And for what it's worth, the show notes have a ton of more links to all of these things we've been talking about. Get your own copy of the private key if you want and so forth.
LEO: Where do you - yeah. I searched for Certificate Manager on this $59 tablet, actually, and it popped right up. So I can just…
STEVE: Oh, good.
LEO: I can just run that with a $59 tablet. Okay. Good. People should probably do that.
STEVE: Yeah. So…
LEO: It may break some software, though. It might break your antivirus.
STEVE: Yeah, I would say see whether what you see looks like something you want. For example, in corporate IT you don't want to be deleting the certificate that your gateway AV has installed, or you won't be able to get on the 'Net at all. I mean, you'll quickly know that was a mistake. So don't discard these with abandon. I know that our listeners have been having fun with this ever since we've been talking about how - I want to say “rich” and “deep” the certificate store, the root store has grown. There are people who are seeing, who are experimenting, our listeners experimenting with how few they can survive with. And the fact is it is a very steep exponential decay, where you go from 450 down to 10, and pretty much all of the Internet that you care about is being served by the 10 largest certificate authorities on the 'Net. And then it just, you know, nobody is, I mean, how often are you actually encountering a certificate signed by the Hong Kong Post Office?
STEVE: Maybe never. But it's there. So you could - that's the kind of thing you could safely delete.
LEO: Yeah, and I see, for some reason, some weird certificates in my Apple, as well. I might want to just take those…
STEVE: Eh, I know.
LEO: Do not confuse Komodia, which is K-O-M-O-D-I-A, which Comodo, with a “C.”
STEVE: Actually, Comodo is in the doghouse, too.
STEVE: They're the people - yes, Comodo, the CEO of Comodo is involved with this PrivDog tool which some people are feeling is even worse than Komodia. And I thought it was interesting that Comodo, who is unfortunately a certificate authority, they have another branch, or I guess it's Comodo themselves, who are selling software which is doing some of this same stuff.
LEO: [Expelling breath]
LEO: I should have asked. We had Gregor Freund, as you know, on yesterday.
LEO: He was the guy who created the first popular firewall product, which we recommended…
LEO: …heartily for many years, ZoneAlarm.
STEVE: Yeah. We didn't recommend the color. The color scheme was really annoying. But…
LEO: The bright red.
STEVE: Oh, my god. Orange, orange and red.
LEO: Did it make a noise? I feel like it might have made a noise, too, like [harsh buzzer sound]. Anyway…
STEVE: Well, I think it was just when your eyes saw it and there was, like, some neural feedback of some sort because it was, like, ugh.
LEO: But would even - that's more than 10 years old. Would that have used, would all firewall software do this kind of stuff?
STEVE: Because that was just looking at IP addresses and packets and blocking where they were going to. And that's on the outside of the…
LEO: It didn't have to inspect the stream and the contents of the stream to do this.
STEVE: Correct. It's the so-called “deep inspection.” If something's doing deep inspection…
LEO: That's what gets you in trouble, yeah.
STEVE: …the only way to do it is to crack these things open. In fact, one of the other consequences of this we've talked about is that this also breaks all the caching that ISPs are doing. And there has been some rumblings that it may before long become a requirement for customers of ISPs to install the ISP's public key in their root store to allow the ISP to crack open your secure connections for the sake of caching in order to decrease their bandwidth. Because the problem is this absolutely, you know, SSL creates a one-to-one association between your browser, hopefully, and the remote server. And that's having a real impact on ISP bandwidth. Let's hope that never happens.
LEO: Oy, oy, oy.
STEVE: I mean, that's - oh.
LEO: And where would we get your show notes? People are listening, going, okay, I want your show notes. Is that at GRC.com/securitynow?
STEVE: I always tweet, I tweet the link just before the show. So it's in the Twitter stream, and it's always the same format. And they're always linked. So, okay, so you go to GRC.com/sn and then look at the show notes for last week, which are the third - it's the third icon. And then just add one to the number. That is, the URL is just, you know, it just increments.
STEVE: It's something like - I don't have it right here in front of me. It's, you know…
LEO: @SGgrc on Twitter. Just go to Twitter.com/SGgrc, and you'll see the link there.
STEVE: And you'll see it right there, yes.
LEO: Yeah. I'm so scared now. I don't want…
STEVE: Yeah, I mean, it is…
LEO: I'm willing not to have anything do deep packet inspection on my system.
STEVE: I agree. I think…
LEO: I can live without that, thank you.
STEVE: The problem is with doing that comes great responsibility.
LEO: Right. And I don't trust anybody.
STEVE: And Komodia demonstrates how irresponsible it's possible to be. And the problem is, even well-intending AV tools, we're requiring, we're hoping that they're not going to be making any big mistakes.
STEVE: And unfortunately this is a lot to verify. And I agree with you, Leo. I think it's better just to say, no, I don't want anything cracking my traffic open.
LEO: I want my traffic to Amazon and my bank to remain encrypted. Of course, if you're using PGP, if you're using your own personal encryption layer…
STEVE: Another layer.
LEO: …you're safe.
LEO: But you're not with Amazon and your bank because they don't support that.
STEVE: No. Right. In fact, that's a nice segue into our next story because The Intercept dropped the news from another tidbit from Edward Snowden, that GCHQ, the U.K.'s equivalent of our NSA, in cooperation with the U.S. NSA, infiltrated the network of Gemalto. Gemalto is not quite the sole source, but for all intents and purposes the sole source, of the world's SIM cards. They produce two billion SIM cards per year. They're a multinational firm incorporated in The Netherlands. Their clients are AT&T, T-Mobile, Verizon, Sprint - the big four in the U.S. - and 450 other wireless network providers around the world. Gemalto operates in 85 countries, has more than 40 manufacturing facilities, and they've got a major one in Austin, Texas and a large factory in Pennsylvania.
So essentially what we learned - and this is the slide, this is the picture of the week on the front page of show notes is the slide that Snowden captured and has revealed. Essentially, their network was infiltrated some number of years ago, and GCHQ was bragging that they now had all of the private keys in all of the SIM cards that Gemalto has been producing.
LEO: And how many is that?
STEVE: That's all of them, essentially.
LEO: They sell two billion a year.
LEO: So it sounds like it's all of them.
STEVE: It's pretty much all of them.
LEO: All the U.S. carriers use Gemalto. Everybody does.
STEVE: Yup. Everybody. When I saw the name, it's like, okay, I know the name because that's where the SIM cards come from.
LEO: There's no other company? It's all Gemalto?
STEVE: It's basically Gemalto. There are some others like, you know, because there's always room for one more.
LEO: You've got to admire the NSA. I mean, they've obviously hired the best hackers they could afford.
STEVE: You know, Leo, I've been approached at earlier phases in my life, and I remember thinking, eh, working for the NSA would be boring. I was wrong about that.
STEVE: I don't think…
LEO: Only the smartest people work there.
STEVE: Yeah. I mean, they've got mathematicians, but it's the hackers at the NSA who are busy.
LEO: Well, you remember that scene in “Good Will Hunting” where they try to hire the mathematic genius of - and then he says, why should - they said the question you should ask yourself is why shouldn't I work for the NSA? And he has actually a long - it's on YouTube - but very good answer.
[Clip from “Good Will Hunting”]
WILL HUNTING: So why do you think I should work for the National Security Agency?
NSA AGENT: Well, you'd be working on the cutting edge. [Leo: Yes, you would.] Be exposed to the kind of technology that you wouldn't see anywhere else because we classified it.
LEO: What year was this? This is like 1998? '97? We did not know how right they were.
STEVE: Oh, boy.
LEO: And how right Will was, if you listen to his answer.
STEVE: So with the stolen encryption keys, “intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies or foreign governments.”
LEO: Basically, that's the keys. That's the keys.
LEO: They can get anything they want.
STEVE: “Possessing the keys sidesteps the need to get a warrant or a wiretap and leaves no trace on the provider's network that the communications were intercepted. Bulk key theft such as this enables intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. As part of the covert operations against Gemalto, spies from GCHQ, with support from the NSA, mined the private communications of engineers and other company employees throughout multiple countries. Gemalto was totally oblivious to the penetration of its systems and the spying on its employees. Gemalto has refused to comment, other than to say that they had no prior knowledge that the agencies were conducting the operation” against their network.
Matt Green, our cryptographer friend at Johns Hopkins, explained to The Intercept, that broke this story, “Gaining access to a database of keys is pretty much game over for cellular encryption.”
LEO: What you want to know is what SIM cards does the NSA use? Because I bet it's not Gemalto.
STEVE: Yeah, see, the reason this was a perfect segue that you brought us into was you mentioned that the problem with the lack of trustworthiness of TLS, that is, of HTTPS now, is that we're relying on it for protection of in-the-clear data - credit card numbers, usernames, passwords. When I'm looking at my credit report, it was delivered over SSL, and I'm looking at my Social Security number, and I'm answering questions and confirming things to the website. So that is our sole wrapper of encryption. And so it is not TNO, obviously. We never claimed that it was.
But the good news is that we do have TNO solutions that are essentially encrypting within our cell phone communications. So when you use the encrypted verbal and text communications, them having the decryption key for the wrapper of that, that is, the external tunnel no longer helps them. So this is why having iMessage encryption, even though it's of dubious value with Apple maintaining the keys, I would argue that for most communications iMessage is safe. You just can't absolutely depend upon it. You need to use something like Threema or one of the other tools where you're carrying the obligation of managing the keys, but the flipside is nobody else has them.
So just to finish on the topic of the GCHQ and the NSA and cell phones, 2G was the original platform. Remember, and I've talked about this through the years, I remember, like, telling my attorney, when I was using first-generation analog cell phones, like we'd stop the conversation at some point, and I would say, “Wayne, I'll call you back on a landline once I get to the office.” Because I knew from my own experience you could just get a cheap police scanner, and it would scan the frequencies that cell phones at the time used, and you could hear people's conversations - and some of them were, I mean, it was entertaining - because there was no encryption.
Then we went to 2G, which is the current, still the dominant platform globally. And that encryption is trivially cracked. So you don't really even need the keys for 2G. The NSA can cut through that like butter. And it is still the dominant platform. But 3G, 4G, and LTE, that's not crackable. You need the keys for those. And now we know GCHQ, with the help of the NSA, basically attacked the Gemalto network, got it infiltrated, did what they call “implants” on a number of their servers, and have exfiltrated the database that relates the SIM card to its private key, which you otherwise would not have. They make that data available to the carriers, that is, the carriers have to have that in order to decrypt what this SIM card is doing, that is, they have to know the private key of the SIM card. Nobody else is supposed to know. Well, now we know that, as you said, Leo, got to give them credit. They have all of those.
LEO: They're good.
STEVE: And understand, too, that the other thing, the other factor here is that SIM cards were never introduced originally for privacy. They were introduced to control billing fraud.
LEO: Oh, that's interesting. Ah.
STEVE: Because billing fraud - yes. And so the whole SIM card supply chain never really had security as its focus. It was to bring fraud down, which was rampant in the early days of analog cell phones. So when they went to SIM cards, it was a billing hook. But as a consequence, not that much security surrounded the whole supply chain from one end to the other. And as we know, the weakest link in security is what will get attacked and cracked.
STEVE: TrueCrypt, an update. This was a tweet actually by Matt Green, who has been overseeing the audit of TrueCrypt. The good news is the audit of TrueCrypt, that final version 7.1a, is underway.
LEO: Oh, good.
STEVE: So we'll remember that late in 2013 they brought out the very first crowdfunded audit of TrueCrypt and raised $70,000. Part 1 was finished, and it examined only the boot and the startup, the initialization process, and came out with a clean slate. Then Part 2, which is the much more challenging part, was going to be the detailed look at the cryptography of TrueCrypt from the symmetric encryption through the random number generator and basically everything else.
But then we all got blindsided when late in the spring of 2014 the TrueCrypt authors decided to throw in the towel and pull the plug on the TrueCrypt project. After recovering from the shock of that, taking a look at where things stood, talking to attorneys and so forth, they've decided they're going to move forward. A group called the NCC Group's Cryptography Services has the contract to perform the Phase 2 audit. And Matt wrote that they will be evaluating the original TrueCrypt 7.1a, and are to begin shortly. However, to minimize price and make the donations stretch farther, they've allowed the start date to be flexible, he said, which is why we don't have results yet. But it is underway. And that's the one they're going to be doing.
A lot of people have asked me, what about this or that spinoff? And for what it's worth, the attorneys have examined the license agreement, and all the spinoffs are illegal. It is not legal to do anything with the source code. All we can do is look at what we've got and continue using that. So people may or may not care about the legality of that; but it's a little dicey, then, taking cryptographic software from somebody who you know is breaking the law and who knows they're breaking the law.
And finally, IE is the last browser to adopt HSTS, the strict transport security for HTTP in Windows 10. It's in the technical preview, either now or coming. But IE was the last browser in heavy use that did not support HSTS. And there are a couple interesting things. There is a site, HSTSpreload.appspot.com. That's a site that allows anyone who has a server that wants HSTSpreload to add it to the Chromium list which all the browsers are now using. Firefox and Opera and even IE will be using the official Chromium preload list. GRC.com has been on it now for quite some time.