Flame's MD5 Collision: Most Worrisome Security Discovery of 2012

Friday, June 15, 2012

Richard Stiennon


In 2009, while I was researching Surviving Cyberwar, I attended the COSAC security conference outside of Dublin for the first time.

During an open session I posed this question to the attendees: “Can you think of any cyber weapons we may see in the near future?”

There were few responses during the open session but that evening at dinner one of the attendees leaned towards me and said “I have one for you, Microsoft update.” What he was implying was that if an attacker could get between Microsoft’s massive update service and an intended target any machine could be compromised.

After the series of attacks against Certificate Authorities in 2011 that included Comodo, Diginotar and StartSSL, I was perturbed to see a statement from the Comodo Hacker where he claimed to have completely reverse engineered the Microsoft update service.

Last week we learned that the authors of Flame, the spyware that has infiltrated thousands of machines in Iran, were ahead of the Comodo Hacker. Flame uses an MD5 hash collision to create counterfeit Microsoft update certificates. This is a frightening display of sophistication.

One researcher claims that the expense of carrying out the collision could be as high as $200K. There is little doubt that Flame was created by a nation state with considerable technical resources.

Microsoft has pushed out a software update (note that they could not just revoke certificates and replace them, they had to change their software) to address Flame and the authors of Flame have begun to erase it from infected machines.

Microsoft’s certificates now rely on the more secure SHA-1. They have effectively closed the door on Flame copycats of the future. But what about other certificates that are based on MD5?

Jeff Hudson, CEO of Venafi, tells me they have inspected the types of certificates deployed in Global 2000 organizations. Of the 450 companies they have scanned 17% of all certificates are based on MD5. Flame has paved the way for future attacks against organizations that still rely on a technology that was proven vulnerable in 2008. I expect to see this type of attack within a year.

Hudson said:

“I often wonder why something so fundamental as knowing which certificates are active on the network, understanding their attributes, and managing the keys associated with the certificates is not a top priority. Especially when managing these instruments radically reduces the vulnerability. This isn’t hypothetical, the compromise and threat has happened time and again.”

At this point we have seen that Stuxnet, Duqu and Flame have used false certificates to infiltrate a network. Flame is just the most sophisticated to date. Thanks to Microsoft’s quick response the enterprise has dodged a cruise missile. Luckily, Flame was surgically targeted at Iran and not a weapon of mass cyber destruction or the carrier of a new widely deployed botnet.

Action must be taken today to discover and root out MD5 certificates from the enterprise. We are beyond the proof of concept stage. Certificate attacks will be with us as long as MD5 based certificates are used to authenticate critical systems.

Possibly Related Articles:
Viruses & Malware
Information Security
malware Digital Certificates Attacks Stuxnet Network Security DUQU Flame W32.Flamer MD5 Certificates
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.