Bloomberg published an eye-catching story on October 4th entitled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies” in which they described how a major US supplier of server hardware has been compromised via the supply chain. According to Bloomberg, a Chinese manufacturer added an additional tiny chip to the server motherboards that they shipped to Supermicro. This additional chip – claimed to be the size of a grain of rice – was supposedly designed and then inserted by the Chinese military as a hardware-based Trojan. The article claims that “When a server was installed and switched on, the microchip altered the operating system’s core so it could accept modifications. The chip could also contact computers controlled by the attackers in search of further instructions and code.” The manipulated mainboards were supposedly used via a US supplier by at least 30 US tech companies.
This story is a “blockbuster” story for everybody concerned with IT security. That is, if the story is true. However, in my opinion, there is still some reason to doubt these claims.
Researchers have disclosed a vulnerability in popular OpenPGP and S/MIME encryption clients and plug-ins which allows an active attacker to use an email client as a “decryption oracle” (see the “EFail” homepage or their scientifc publication). In other words, if the attacker is in the possession of an encrypted email, he can craft a new email and send it to the recipient of the decrypted email. If the email client used by this recipient is vulnerable, the email client will decrypt the encrypted email and use a (hidden) backchannel to send the now decrypted message back to the attacker.
Two new attacks Meltdown and Spectre have been announced that can be seen as a new class of attacks that make use of so called microarchitectural features in modern CPUs. What makes these attacks special is that they do not exploit a bug in software, but exploit how modern CPUs operate and have been operating for many years.
The complexity of modern processor has been ever increasing to a degree that it is extremely hard for a developer to understand how and in what order instructions are executed on the CPU. Techniques such as out-of-order execution, branch predictions and multiple levels of caches have been integrated in modern CPUs for many years and have been constantly refined. This resulted to great improvements in computation speeds. That this speed optimization can also cause security issues has also been known. For example, implementing cryptographic algorithms on modern CPUs that do not leak sensitive data over so-called timing side-channels has been a major challenge for years. Several academic papers also showed that microarchitectural features such as shared caches can lead to significant data leakages between different processes running on the same CPU or even on multiple CPUs (see e.g. [CSAW07] [usenix14] or [SP15]).
The Reuters headline “Distrustful U.S. allies force spy agency to back down in encryption fight“ actually sounds good for those of us who are upset of the NSA’s history of pushing insecure and backdoored cryptography into standards (see also these nice sounding headlines ). However, when having a closer look these headlines are actually quite misleading. The truth is rather that the NSA gets away with pushing two block ciphers into an international ISO standard despite i) its recent history of undermining standards and ii) the fact that they ignored best-practices in publishing the two ciphers.
Today’s internet security architecture heavily relies on so called public-key cryptography. Without this public-key cryptography, web-traffic encryption does not work and applications such as secure online banking are not be possible. Public-key crypto is well understood and currently no efficient attacks against these cryptographic systems are known. However, already in the 90s Peter Schor was able to show that if a quantum computer can be build all state-of-the-art public-key cryptosystem would become insecure[https://en.wikipedia.org/wiki/Shor‘s_algorithm]. Continue reading