COMMENTARY ON CVE-2020-0601: I have been speaking to several players on this on background and there are a few things they want to highlight / clarify based on the public discourse so far.
The gravest impacts of this are on established societal and industrial infrastructure. Bank communications. Infrastructure control. Heavy industry. This is a much different threat than is traditionally discussed or news consumers really understand the ramifications of.
Because both TLS communication stream encryption and Authenticode file validation are impacted by this flaw in PKI validation, the normal ways this is guarded against for program updates are both compromised. There are a few that go beyond this, but it’s exceptionally rare.
This is a fast-checkmate flaw for a hugely resourced and patient global actor like the NSA, but it’s a far greater systemic threat to the United States, which explains why this was properly disclosed to Microsoft.
Innumerable protocols and transactions are protected with x509. Enterprise voice, VPN, really everything these days is being wrapped up in HTTPS and sent over the Internet. And they all rely on Windows’ correct implementation, which is at fault here.
This probably impacts SmartCards / authentication devices that emulate them, too. The US government uses them extensively for access control on secure networks worldwide.
@dakami prodded me to mention this.
Note this SmartCard attack scenario is pure speculation and not based on any background info. I’m not sure if it would work since it might be the wrong place in the chain, I’m not sure.
UPDATE: Attacking SmartCard through this flaw is not likely since it leverages elliptic curve, and those cards are very stuck on RSA. In theory it could be in an artisanal environment, not something to really worry about. I’m leaving these tweets up so others speculating can see.
NEW: @tqbf along with several other cryptographers speculate on how CVE-2020-0601 works at a technical level: https://news.ycombinator.com/item?id=22048619 …
^ @BearSSLnews is the other cryptographer. Update on the SmartCard attack vector: It could work with right scenario, but in practice there aren’t really private roots signing with ECDSA, so there are likely no vulnerable intermediaries. And smartcards are pinned to a private root
Microsoft have built extensive alerting for CVE-2020-0601 which will definitely complicate exploitation, since there are few in a network position to interdict your traffic, except governments. Yes, I know about WiFi/Responder; that’s not the main problem here https://twitter.com/amitaitechie/status/1217156973268893696?s=21 …
After FLAME abused a Microsoft certificate for malware, MSFT added large numbers of hardening solutions to WinUpdate, even for significant security break scenarios. It appears because of this, Windows Update itself is not vulnerable to CVE-2020-0601. https://twitter.com/gossithedog/status/1217242998418935809 …
This appears to show a private exploit for CVE-2020-0601 has now been developed. Saleem is a trusted researcher. https://twitter.com/saleemrash1d/status/1217495681230954506 …
Update: Chrome has also fallen to CVE-2020-0601 after a few extra constraints it imposes were met. It’s not a web browser’s fault or responsibility to defeat an OS-level problem, it’s a flaw in the most basic tenets of Windows’ PKI validation. https://twitter.com/saleemrash1d/status/1217519809732259840 …
Sidenote: Intermediate CA certificate chaining and caching is an interesting problem that can happen in TLS. If you can’t figure out a validation problem, this may be the root cause. And it’s often overlooked since it “works on the developer’s machine” due to their own habits.
Update: - Chrome’s next version (Beta pending release) will detect CVE-2020-0601. - The New Edge browser Microsoft released today also defeats it. It’s not their responsibility to do this, but it is cool to go the extra mile. I don’t have a contact in Firefox about their plans.
I don’t have public documentation to prove this, you’re going to have to contact a security researcher who has an exploit and ask them to test my information.
Ah interesting! Firefox unaffected, makes sense, doh. Although Firefox has adopted parts of the Windows PKI engine for enterprise compatibility, they’re still based on their in-house NSS engine. My oversight. Thanks @saleemrash1d, follow them for more info https://twitter.com/saleemrash1d/status/1217533569213640705 …
Mozilla through their NSS engine and trusted certificate store program are a critical part of the global PKI system, we’re lucky to have their diversity of implementation. A very under-appreciated fact outside of small circles.
Well there we go, a public break released, after a couple of private examples provided yesterday. NSA obviously understood perfectly how fast this would happen. I did not properly gauge how that factored into their urgency. https://twitter.com/kennwhite/status/1217816643725930498 …