Last week the Washington Post reported that “Western officials with knowledge of the effort” said that the malware called Flame had been jointly developed by the United States and Israel.
The main surprise here was the announcement itself. The complexity and sophistication of the Flame malware had already led researchers to conclude that it was probably the product of national-scale resources. The continuing discovery of apparent connections to the Stuxnet malware, discovered in June 2010, coupled with the evident targeting of Stuxnet against Iranian nuclear work, only reinforced that conclusion.
Call it an announcement, an admission, or just an acknowledgement. The big question is: What next?
Flame was accepted as valid Microsoft code because it was accompanied by forged credentials. Specifically, Microsoft’s Terminal Server Licensing Service provided certificates that could be used to sign code, and those certificates were signed using an MD5 hash. See Microsoft’s Security Advisory 2718704 from June 3rd for details on an update closing this specific hole.
This is interesting in a geopolitical sense, but does it really matter to you if you aren’t trying to run a not-very-covert nuclear weapons development program?
Yes, actually, it does.
We have known since the summer of 2004 that there were weaknesses in MD5 and the SHA family of hash functions (and see a detailed page of mine if you are curious about the academic background to this). NIST announced their Cryptographic Hash Algorithm Competition in November 2007, an effort to carefully design a replacement hash function to be known as SHA-3. We are now down to the final decision, to be announced later this year.
The NIST hash-forum mailing list has recently carried some discussion of whether any of the finalists might be more susceptible to searches for collisions, or at least partial collisions, using GPU platforms (that is, computing systems built around Graphics Processing Units such as those from ATi and nVidia). While GPUs were originally designed just for rendering graphics, they are quite fast at certain other compute-intensive tasks.
One analysis of Flame estimated that the MD5 collision search needed for the certificate forging would have cost about US$ 200,000 using Amazon Web Services’ GPU-based compute clusters.
Are your systems or data worth that much to an adversary?
MD5 should not be trusted. We have known that for years; it’s time to take it seriously. We need to “read the label” carefully to see what assumptions are built into our software, operating systems, and vendor relationships.
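One concrete way to “read the label” on a certificate is to look at which hash the issuing CA actually signed it with. The following is an added example, not code from the original post: a minimal DER walker that pulls the outer signatureAlgorithm OID out of an X.509 certificate and flags MD5 (and SHA-1) signatures. It assumes you hand it the DER bytes of a certificate; the `sample_certificate` helper builds a constructed stand-in with a dummy tbsCertificate so the example runs offline.

```python
# Added example (not the post's own code): minimal DER walker that flags MD5-signed X.509 certificates.
KNOWN_ALGORITHMS = {  # PKCS #1 signature OIDs
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "REJECT: MD5 collisions are practical"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "WARN: SHA-1 has known weaknesses too"),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "OK"),
}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    """Decode OBJECT IDENTIFIER content bytes to dotted-decimal form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last base-128 digit of this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    _, pos, _ = read_tlv(cert_der, 0)             # outer SEQUENCE
    _, _, tbs_end = read_tlv(cert_der, pos)       # skip tbsCertificate as an opaque blob
    _, alg_pos, _ = read_tlv(cert_der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(cert_der, alg_pos)
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return decode_oid(cert_der[start:end])

def check_certificate(cert_der):
    """Return (oid, name, verdict) for the hash/signature pair the CA used."""
    oid = signature_algorithm_oid(cert_der)
    return (oid,) + KNOWN_ALGORITHMS.get(oid, ("unknown", "WARN: unrecognised signature OID"))

def der(tag, content):
    """Encode one DER element (content below 256 bytes is enough for the sample)."""
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

MD5_RSA_OID = bytes.fromhex("2a864886f70d010104")     # 1.2.840.113549.1.1.4
SHA256_RSA_OID = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
def sample_certificate(alg_oid):
    """Constructed stand-in: dummy padded tbsCertificate, real AlgorithmIdentifier."""
    tbs = der(0x30, der(0x02, b"\x01") + b"\x00" * 200)  # padding forces long-form lengths
    alg = der(0x30, der(0x06, alg_oid) + b"\x05\x00")     # OID followed by NULL parameters
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 17))
```

On a real chain, run `check_certificate` over every DER certificate from the leaf up to the root; an MD5 signature anywhere below the trust anchor is the weak link the Flame forgery exploited.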
If you are interested in learning more of the details, Learning Tree’s introduction to security and cloud security courses discuss hash functions and their role in data integrity, digital signatures and digital certificates, and therefore their role in the security of your systems and data.