WILTW: BETTER ENCRYPTION & BAD 4G MODEMS (6)

WILTW (What I Learned This Week) is a (hopefully) never-ending series of mini-posts, once a week, until the end of time. Terms and holidays apply.

Stronger encryption for HTTPS and SSH

Logjam and all the other SSL/TLS attacks are not news anymore, but vulnerable servers are still everywhere on the Internet. And apart from those, most servers are using increasingly weak algorithms and key sizes.

I was reading the ISOC article about this, which quotes information from a published paper that raises concerns about how Diffie-Hellman key exchange is implemented in TLS applications.

Ever since Logjam was discovered, the folks at weakdh.org have provided a tool to test your browser and web server for weak crypto. They also supply some configuration for common servers (Apache, nginx, Postfix, etc.) should you be willing to restrict the available ciphers and hashing algorithms to the safer ones.

They don't cover SSH in a lot of depth, so I was looking for more and found this awesome article, which explains all the options you have for both client and server side.
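As an added example (not taken from weakdh.org or the linked articles), here is one way to audit the SSH side for Logjam-style weak Diffie-Hellman: it flags short primes in an OpenSSH moduli file and 1024-bit fixed-group key exchange enabled in sshd_config. The 2048-bit default threshold, the function names and the sample data are assumptions made for the illustration.

```python
"""Audit OpenSSH DH moduli and KexAlgorithms for weak Diffie-Hellman groups."""

# Key exchange that always uses a fixed 1024-bit prime (Oakley Group 2).
WEAK_KEX = {"diffie-hellman-group1-sha1"}

def weak_moduli(moduli_text, min_bits=2048):
    """Return (line_number, bits) for every modulus shorter than min_bits."""
    weak = []
    for no, line in enumerate(moduli_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()  # time type tests tries size generator modulus
        if len(fields) != 7:
            raise ValueError(f"line {no}: expected 7 fields, got {len(fields)}")
        # Measure the prime itself instead of trusting the size column.
        bits = int(fields[6], 16).bit_length()
        if bits < min_bits:
            weak.append((no, bits))
    return weak

def weak_kex(sshd_config_text):
    """Return weak algorithms that a KexAlgorithms directive enables."""
    found = []
    for line in sshd_config_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "kexalgorithms":
            continue
        value = parts[1].strip()
        if value.startswith("-"):  # a leading '-' removes algorithms
            continue
        algos = [a.strip() for a in value.lstrip("+^").split(",")]
        found += [a for a in algos if a in WEAK_KEX]
    return found

# Constructed sample input: the moduli are filler hex digits, not real primes.
SAMPLE_MODULI = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus",
    "20150101000000 2 6 100 1023 2 " + "F" * 256,
    "20150101000000 2 6 100 2047 2 " + "F" * 512,
    "20150101000000 2 6 100 4095 5 " + "F" * 1024,
])
SAMPLE_SSHD = ("Port 22\n"
               "KexAlgorithms curve25519-sha256@libssh.org,"
               "diffie-hellman-group1-sha1\n")

if __name__ == "__main__":
    print("weak moduli (line, bits):", weak_moduli(SAMPLE_MODULI))
    print("weak key exchange:", weak_kex(SAMPLE_SSHD))
```

A server with no KexAlgorithms line uses its OpenSSH version's defaults, which this check does not evaluate.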

Bad, bad modem!

A bunch of Russian researchers have posted the results of trying to mess about with 3G/4G modems in many possible nasty ways: Remote Code Execution, integrity attacks, Cross-Site Request Forgery and Cross-Site Scripting. The modems are basically vulnerable to everything, and most vendors aren't even lifting a finger to fix the problems: many of the findings are still 0-day even now, many months after the researchers disclosed the vulnerabilities.

All in all, we have a full infection cycle of devices and related PCs. Using the infected devices, we can determine location, intercept and send SMS messages and USSD requests, read HTTP and HTTPS traffic (by replacing SSL certificates), attack SIM cards via binary SMS messages, and intercept 2G traffic. Further infection can continue through the operator's networks, popular websites or equipment infected by worms (when connecting a new device).

Yeaaaaaaah.

Apparently the only ones that fixed reported holes in their firmware were Huawei, so bonus points to them for that!

Until next week

Did you learn anything interesting this week? Let me know or share it with everybody else in the comments below!

And, as always, thanks for reading.

