Kaspersky Warns of Encryption-Busting Reductor Malware:
Kaspersky says it has uncovered a new malware infection that is able to decode encrypted TLS traffic without the need to intercept or manipulate it.
Known as Reductor, the malware was spotted in April of this year[...].
"Besides typical RAT functions such as uploading, downloading and executing files, Reductor's authors put a lot of effort into manipulating digital certificates and marking outbound TLS traffic with unique host-related identifiers," Kaspersky explains.
[...] Rather than try to man-in-the middle traffic or steal keys, the Kaspersky team found that the Reductor malware works by infecting the browser (either Chrome or Firefox) itself.
"The solution that Reductor's developers found to mark TLS traffic is the most ingenious part," Kaspersky explained.
"They don't touch the network packets at all; instead developers analyzed the Firefox source code and Chrome binary code to patch the corresponding pseudo random number generation (PRNG) functions in the process's memory."
By compromising the random number generator, the malware's operators would know ahead of time how the traffic will be encrypted when the victim establishes a TLS connection, and have the ability to mark that traffic for later use. From there, the malware can easily decode the traffic and see what the transmitted data is, then send anything of interest back to the command server.
Because this data can be decoded, the attacker has no need to actually tamper with the traffic while it is in transit, and thus is able to function without alerting security tools or administrators that something is amiss.
(Score: 3, Interesting) by Booga1 on Friday October 04 2019, @08:12PM
Sounds familiar... I wonder if someone with enough resources might do this just to store everything and decrypt it all later? [wikipedia.org]
(Score: 1) by i286NiNJA on Friday October 04 2019, @08:13PM (6 children)
Nation state action?
Making this post because I want to see discussion on this story.
(Score: 0) by Anonymous Coward on Friday October 04 2019, @08:55PM (4 children)
Unfortunately most of the readership here any more don't even understand what the article is saying. Of course that doesn't stop many of them from commenting anyway. Carry on.
(Score: 3, Informative) by DannyB on Friday October 04 2019, @09:25PM (3 children)
It seemed simple enough to understand for an idiot such as myself. Mess with PRNG and key generation so that a key was constructed with fewer random bits and more known value bits. (even if known value bits are some function of the few random bits) Store communication in a Utah data center owned by a government agency. But no such agency would claim to own it. Then this non existent agency would brute force crack the communications. They don't have to search the entire keyspace because the key has much fewer than expected truly random bits, and the remaining bits are somehow predictable from the few truly random ones. Suppose, for example, that all TLS keys used on your machine fall into a keyspace of 2^64 (65536). It doesn't take long to do 65536 tries to brute force the key decrypt the communications.
Meanwhile, everyone is blissfully unaware. Everything looks great. No obvious tampering with the encrypted data because there was no tampering with the encrypted data. Tampering was done with the key generation.
I find it easy to believe no such agency of any government would want to do something like this.
But also various hacking groups might want to do something like this.
Our own government wants to do away with our ability to have private communications, asking FacesBook to do away with end to end encryption.
In 2013, Snowden showed us that all of our most paranoid theories about government surveillance were not nearly paranoid enough.
The anti vax hysteria didn't stop, it just died down.
(Score: 3, Informative) by coolgopher on Saturday October 05 2019, @02:04AM (2 children)
You meant 2^16, not 2^64. Unless your reality is quirkier than mine.
(Score: 4, Informative) by DannyB on Saturday October 05 2019, @02:41PM (1 child)
Not enough caffeine. I even thought I typed 16
The anti vax hysteria didn't stop, it just died down.
(Score: 2) by coolgopher on Sunday October 06 2019, @01:47AM
Better when it happens in a social post than actual code :D
But yeah, it definitely read as a muscle memory typo than actual ignorance.
(Score: 3, Interesting) by NotSanguine on Friday October 04 2019, @11:08PM
Maybe. But not necessarily. While it's non-trivial to modify the affected libraries to carry out such a compromise, it's not so onerous that a decent programmer couldn't do this without the resources of a state actor.
That said, YMMV.
No, no, you're not thinking; you're just being logical. --Niels Bohr