In 2009, while I was researching Surviving Cyberwar, I attended the COSAC security conference outside of Dublin for the first time.
During an open session I posed this question to the attendees: “Can you think of any cyber weapons we may see in the near future?”
There were few responses during the open session but that evening at dinner one of the attendees leaned towards me and said “I have one for you, Microsoft update.” What he was implying was that if an attacker could get between Microsoft’s massive update service and an intended target any machine could be compromised.
After the series of attacks against Certificate Authorities in 2011 that included Comodo, Diginotar and StartSSL, I was perturbed to see a statement from the Comodo Hacker where he claimed to have completely reverse engineered the Microsoft update service.
Last week we learned that the authors of Flame, the spyware that has infiltrated thousands of machines in Iran, were ahead of the Comodo Hacker. Flame uses an MD5 hash collision to create counterfeit Microsoft update certificates. This is a frightening display of sophistication.
One researcher claims that the expense of carrying out the collision could be as high as $200K. There is little doubt that Flame was created by a nation state with considerable technical resources.
Microsoft has pushed out a software update (note that they could not just revoke certificates and replace them, they had to change their software) to address Flame and the authors of Flame have begun to erase it from infected machines.
Microsoft’s certificates now rely on the more secure SHA-1. They have effectively closed the door on Flame copycats of the future. But what about other certificates that are based on MD5?
Jeff Hudson, CEO of Venafi, tells me they have inspected the types of certificates deployed in Global 2000 organizations. Of the 450 companies they have scanned 17% of all certificates are based on MD5. Flame has paved the way for future attacks against organizations that still rely on a technology that was proven vulnerable in 2008. I expect to see this type of attack within a year.
“I often wonder why something so fundamental as knowing which certificates are active on the network, understanding their attributes, and managing the keys associated with the certificates is not a top priority. Especially when managing these instruments radically reduces the vulnerability. This isn’t hypothetical, the compromise and threat has happened time and again.”
At this point we have seen that Stuxnet, Duqu and Flame have used false certificates to infiltrate a network. Flame is just the most sophisticated to date. Thanks to Microsoft’s quick response the enterprise has dodged a cruise missile. Luckily, Flame was surgically targeted at Iran and not a weapon of mass cyber destruction or the carrier of a new widely deployed botnet.
Action must be taken today to discover and root out MD5 certificates from the enterprise. We are beyond the proof of concept stage. Certificate attacks will be with us as long as MD5 based certificates are used to authenticate critical systems.