Use VPN to avoid Gogo Man In The Middle vulnerability

3 birds on a wire Google engineer Adrienne Felt recently noticed that Gogo in-flight Wi-Fi was messing with the SSL certificates on secure Google web pages.

Her browser showed a problem with the HTTPs connection, and further investigation showed that the SSL certificate was self signed by Gogo’s own untrusted certificate authority.

This allows them to read all of the supposedly encrypted communications in the clear. That information could include personal, financial, corporate, or other confidential data. It also tends to train users to ignore security alerts, which leaves them vulnerable to any other attacker using the same kind of Man in the Middle attack.

In their response, Gogo EVP / CTO said:

“Gogo takes our customer’s privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don’t support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, It impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience.

We can assure customers that no user information is being collected when any of these techniques are being used. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience.”

I am not very reassured by this, particularly given their previous history of going above and beyond requirements to support law enforcement intercepts. Even if they are acting in good faith, this kind of action puts all users at risk. Any compromise of the proxy server would give full clear text access to the communications of everyone on the plane.

To protect yourself, make sure you use a VPN service (like Anonymizer) to encrypt your traffic out to an endpoint beyond Gogo’s reach.

Nokia did something similar a while back.

Even certificate authorities can’t always be trusted.

Thanks to the following articles:

Gogo Inflight Internet is intentionally issuing fake SSL certificates - Neowin

Gogo Inflight Wifi Service Goes Man-In-The-Middle, Issues Fake Google SSL Certificates | Techdirt

Gizmodo - Gogo Wi-Fi Is Using Man-in-the-Middle Malware Tactics on Its Own Users

GoGo in-flight WiFi creates man-in-the-middle diddle • The Register

 

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Protect your security from ISPs stripping email encryption

Cricket Engineers at Golden Frog recently discovered that Cricket wireless was automatically disabling their email encryption.

It is not at all clear why they were doing this, but we do know how. When an email client attempts to make a secure connection to a server, it sends a STARTTLS command. If the server never sees the STARTTLS, then it assumes you just wanted an insecure connection.

The ISP can easily modify the data stream to remove the request, causing your computer to connect without any encryption. According to the standard, the user is supposed to get a warning about this, but in practice almost all software just fails silently.

The best way to protect yourself against this attack is to encrypt your email end to end. You can use SMIME, which is built into most email clients, or GPG. GPG can be stronger, but it is harder to use, and easy to misuse. Either will significantly improve your security.

The next step is to use a VPN like Anonymizer.com to protect you against your ISP. It will also protect you against anyone else in the path between your computer and your VPN service. Unfortunately between them and the destination server, you are still vulnerable to any hostile ISPs.

https://www.youtube.com/watch?v=aHtVjZJxO_Q

[powerpress]

Some other articles on this attack: Arstechnica, & The Washington Post

Also read:

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on FacebookTwitter, and Google+.

Holder is wrong - backdoors and security can not coexist.

Eric Holder In the article below Attorney General Eric Holder said "“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy”

This is simply not true, and harkens back to the discredited arguments made by the FBI in the 1990’s about the Clipper Chip. It is hard enough to make secure computing systems, and we are not very good at it as all the breaches demonstrate. Intentionally introducing a vulnerability, which is the essential nature of back door or law enforcement access, is madness. If there is a back door, then keys exist, and can be compromised or reverse engineered. It is an added complexity to the system, which is almost certain to introduce other vulnerabilities. Its use would not be restricted to the US. Once it exists every government will demand access.

Social media and the cloud have tilted the balance of power absurdly towards law enforcement. This argument that they must retain access to encrypted cell phones is fatuous.

Holder urges tech companies to leave device backdoors open for police - The Washington Post

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Apple can't decrypt your phone

IPhone lock screen iOS8 Since it was introduced, Apple has had the ability to decrypt the contents if iPhones and other iOS devices when asked to do so (with a warrant).

Apple recently announced that with iOS 8 Apple will no longer be able to do so. Predictably, there has been a roar of outrage from many in law enforcement. [[Insert my usual rant about how recent trends in technology have been massively in favor of law enforcement here]].

This is really about much more than keeping out law enforcement, and I applaud Apple for (finally) taking this step. They have realized what was for Anonymizer a foundational truth. If data is stored and available, it will get out. If Apple has the ability to decrypt phones, then the keys are available within Apple. They could be taken, compromised, compelled, or simply brute forced by opponents unknown. This is why Anonymizer has never kept data on user activity.

Only by ensuring that they can not do so can Apple provide actual security to it customers against the full range of threats, potentially least of which is US law enforcement.

https://www.youtube.com/watch?v=l236gjtzeTc

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me onFacebookTwitter, and Google+.

If you don't admit you won't decrypt

Broken Disk The Massachusetts High Court recently ruled that a suspect can be compelled to decrypt disks, files, and devices which have been seized by law enforcement. The crux of the question before the court was whether compelling the password for decryption is forbidden by the Fifth Amendment protection against self incrimination.

The analogy one most often sees is to being compelled to provide the combination to a safe, the contents of which are subject to a search warrant. That is well settled law, you can be compelled to do so.

The court said:

We now conclude that the answer to the reported question is, "Yes, where the defendant's compelled decryption would not communicate facts of a testimonial nature to the Commonwealth beyond what the defendant already had admitted to investigators." Accordingly, we reverse the judge's denial of the Commonwealth's motion to compel decryption.

In this case, there was nothing testimonial about decrypting the files because the defendant has already admitted to owning the computers and devices, and to being able to decrypt them.

The much more interesting situation will come in a case where the defendants say they never had, or have forgotten, the password. One can not be compelled to do something impossible, but generally the proof of the impossibility falls on the defendant. In this case one would have to prove a negative. How could you prove that you don’t have the password? The only thing that can be proved is that you do, and that only by doing so.

This ruling is only binding in the sate of Massachusetts, but is likely to be influential in cases in other areas.

Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence | The National Law Review

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.

Update: It looks like I am wrong about providing the combination to a safe being settled law. Thanks Joey Ortega for setting me straight.

Can you be forced to decrypt your files?

Declan McCullagh at CNET writes about the most recent skirmish over whether a person can be forced to decrypt their encrypted files.

In this case, Jeffery Feldman is suspected of having almost 20 terabytes of encrypted child pornography. Evidence of use of eMule, a peer to peer file sharing tool, showed filenames suggestive of such content. Child porn makes for some of the worst case law because it is such an emotionally charged issue.

A judge had ordered Mr. Feldman to decrypt the hard drive, or furnish the pass phrase, by today. After an emergency motion, he has been given more time while the challenge to the order is processed.

The challenge is over whether being compelled to decrypt data is equivalent to forced testimony against one's self, which is forbidden by the Fifth Amendment. The prosecution position is that an encryption key is similar to a key to a safe, which may be compelled. Some prior cases have come down on the side of forcing the decryption, but not all.

If it was plausible that the suspect might not know how to decrypt the file, that would make things even more interesting. For now, the moral of the story is that you can't rely on the Fifth Amendment to protect you from contempt of court charges in the United States if you try to protect your encrypted data. Outside the US, your mileage may vary.

Blacklisting SSL Certificate Authorities

The Register has an article on Firefox black listing an SSL Certificate authority.

Certificates and certificate authorities are the underpinnings of our secure web infrastructure.

When you see the lock on your browser, it means that the session is encrypted and the site has presented a valid site certificate (so it is who it claims to be).

That site certificate is signed by one of many certificate authorities.

I see 86 certificate issuing authorities in my Firefox now.

Many of those certificate authorities have multiple signing certificates.

Additionally the certificate authorities can delegate to subordinate certificate authorities to sign site certificates.

Any certificate signed by any of these authorities or subordinate authorities is recognized as valid.

These entities are located all over the world, many under the control of oppressive governments (however you define that).

Certificate authorities can create certificates to enable man in the middle attacks, by signing keys purporting to be for a given website, but actually created and held by some other entity.

There are plugins like certificate patrol for Firefox that will tell you when a site you have visited before changes certificates or certificate authorities. Unfortunately this happens fairly frequently for legitimate reasons, such as when renewing certificates every year or few years.

Some certificate authorities are known or suspected to be working with various law enforcement entities to create false certificate for surveillance.

Here is how it works:

The government has certificate authority create a new certificate for a website.

The government then intercepts all sessions to that site with a server (at national level routers for example).

The server uses real site certificate to communicate with the real website securely.

The server uses the new fake certificate to communicate with user securely.

The server then has access to everything in the clear as it shuttles data between the two secure connections..

It can read and/or modify anything in the data stream.

 

Firefox is removing TeliaSonera’s certificate authority from the list in Firefox for this reason. Going forward no certificate issued by them will be recognized as valid. This will impact a large number of legitimate websites that have contracted with TeliaSonera, as well as preventing the fake certificates.

There is a lot of controversy about this. What is appropriate cooperation with law enforcement vs. supporting and enabling dictators.

In any case, this is a failure of the protocol. If the browser shows a certificate as valid when it has not come from the real website, then there has been a security failure.

The SSL key infrastructure is showing its age. It was “good enough” when there were only one or two certificate authorities and the certificates were not actually protecting anything of great importance. Now everyone relies heavily on the security of the web. Unfortunately, while it is broken, it is very hard to replace.

In the short term, installing a certificate checker like certificate patrol is probably a good idea, despite the number of false positives you will see.

In the longer term, there is a really hard problem to solve.


DEA can't break Apple iMessage encryption?

Cnet reports that an internal DEA document reveals that the DEA are unable to intercept text messages sent over Apple's iMessage protocol.

The protocol provides end to end encryption for messages between iOS and Mac OS X devices.

This is not to suggest that the encryption in iMessages is particularly good, but to contrast with standard text messages and voice calls which are completely unprotected within the phone company's networks.

It appears that an active man in the middle attack would be able to thwart the encryption, but would be significantly more effort. The lack of any kind of out of band channel authentication suggests that such an attack should not be too difficult.

If you really need to protect your chat messages, I suggest using a tool like Silent Text. They take some steps that make man in the middle attacks almost impossible.