I’m Not Dead; Just Vacationing

As Mark Twain reputedly quipped, “The reports of my death are greatly exaggerated”; I’ve been relatively inactive for the past six months concentrating on my personal life, which admittedly had been neglected for quite some time. I intend on getting back to work very soon, so please watch this space.

I also enjoy hearing from all of you, so please e-mail (PGP key in the button above) so do say hello! I shall endeavor to be back on deck within the next two months.

Weekly Security Wrap-up

A lot has happened in the security industry in the past week or so. A devastating new vulnerability known as DROWN. As seems to be typical of recent style, this revolves around legacy support, namely SSLv2 which was deprecated years ago and should never have even be supported. We’ve seen similar ‘legacy fallback’ type attack vectors before, like MD5 signature collisions being used to generate false certificates, a worm written for Cisco routers that used the IPSEC security setting of ‘NULL’ (no kidding; a protocol designed for a secure tunnel has an option to disable all crypto) and the list just goes on and on.

Nevertheless people still haven’t learned their lesson about legacy technology and its dangers. Mozilla made the brave step this week to set out a solid timeframe to phase out SHA1 certificates, which are no longer regarded as robust or secure in the wake of the fact that collisons have been found. Nevertheless enterprise users will take their time to upgrade their systems and, ultimately, customer data will leak as a result of their ineptitude (e.g. Target’s mobile app exposing personal information via JSON with no authentication).

Poor design is everywhere. It’s partially the result of bad engineering, but more importantly it is a result of languages which allow programmers to be lax – a perfect example would be PHP.

In other interesting news a new twist on cryptolocker that actually targets websites, defacing them and encrypting their files and replacing the index.html/.php/.shtml file with one containing a notice advising them to deposit a specified amount of bitcoin to retrieve the AES key to decrypt the data. We’ve seen cryptolocker target personal computers and the data contained therein, but this new targeting of websites is novel.

The Apple v FBI struggle continues, and it appears likely that Apple will prevail. Apple has every reason not to comply with their directives as it would fundamentally erode trust in their software if users knew there was a government backdoor, even if this backdoor simply eliminated the lockout period between incorrect keycode attempts. Perhaps if the FBI had handled the evidence correctly the whole situation could have been avoided. They now admit that a tech reset the phone’s Apple ID, triggering this whole sorry sequence of events.

I’ve taken a hiatus from bringing you guys up to date security news for quite some time, but now have the time and inclination to begin updating this blog more regularly, so please feel free to visit regularly and engage in conversation. I do not moderate, except where the content is spam or just blatant abuse.

I’m also now routinely signing my posts using GNUPG. To verify my posts, simply view the source and cut and paste the portion between the &lt!-- beginsig --> and <-- endsig --> including those headers and run it through gpg. My key (ID 0xD07C3352) is available from the MIT key servers or from this site (see top menu).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1 (FreeBSD)

iQIcBAABAgAGBQJW18DKAAoJEN9TVwXQfDNSJlcP/3z1fg1hm3+vvQ/gGpOR+tSB
BrTZexKbZ7gEtxKvVxvQC0ljko/h5TYY+rQKgO75fszZroTk6YjGy/or4B/5uIGX
ZjZWRPYdukfeW6x8cdPSUeZuhZjCvJRsgBcwYZDlrFEvuogZ1T7TS7VVDR7BPBeE
wGbHUQ2ZSRxarHPxgkv6n9NyGYGNo2fzowlq0O9fa5155ReMdiV9SNRh76WZeelf
XqeIQhVsKuO0b3T3ZidxN7PWrxx9BWzKsZTpAdpqVHGTGErXim+awDQHdbQRIklt
+G20gozty0X+V62VwJo3q2Zwmi+dnEWUAvBP+Co08CFjPLhnrgjMXQMmqUngnZxi
G+Gz/m0EOvit2LmtHEqMsJssqU1pqNf9KTpPcMWIS/CHfd2aKmPgn+0vF3yJqrYM
9NGdu3c+XlcavgD2z1HlAba6n/fVbwOA64ks+1DANkT7HCUzG9r+h8Ti2cUVlSey
eMrrQ9jwhb2osnZXK7rCAe9bJFPp6d0eJg6pO5FMu6Ud64U+c5frKDoyLu8fCdlc
vSaAoG9jjvHRLzY3MFt/B7stUtgnYh6jmqojTuPINllhxdFrhanlfZBSthcARIsL
RZ4dVHonJk3e2ynQZFQY2r+y5vB4AcjJ91JxnJh6rG6O+FMiECJblgUccQqgHcad
J9DB+5deBWqNb0PwV4w8
=Nfbt
-----END PGP SIGNATURE-----

New E-Mail Address

Greetings to all of my friends in cyberspace and my apologies for the extended hiatus. Unfortunately the free e-mail provider that I was using via a proxy has locked me out of the account, so the address eb1c4d@yahoo.███ is no longer active. This means that I need to revoke and re-issue the relevant PGP keys, with the new key’s email being eb1c4d@yandex.███.

So, to reiterate – keyID 18209AB6 has been revoked and is superseded by D07C3352. Prior to revocation the new certificate was signed by the old one to maintain the chain of trust. Further information including the complete revocation cert and other data is on the stand-alone page devoted to my keys.

Updated PGP Key Page

During my hiatus I hadn’t updated the PGP key page to provide the key for my newly minted key. As you know, I configure gpg to have my keys valid for just one year to mitigate the dangers of having a key with a long expiry (key theft, etc. is just one of many reasons having a sunset date is a good idea; of course, ensure that you have the revocation certificate for each key ready, perhaps on a USB stick, so that you can take immediate action if anything ever happens).

So, if you haven’t already please head over to my PGP page and cut and paste the ASCII armored block of keys into your software and run an import (on most flavors of BSD/Linux/etc if you are running GNOME, KDE or a similar desktop environment you can just cut and paste the block into a terminal window running gpg –import <<EOF and then use “EOF” on its own line to indicate the end of the input (this feature is what’s known as a ‘here document,’ if you are interested).

Otherwise just be lazy and use the MIT key servers. If you’re using gpg, and all the keyserver to keyserver communication is working correctly you can probably be even more lazy and just issue a gpg –recv-key 0x18209AB6

Please ensure you provide me with your public key prior to commencing with secured conversation. Thanks again!

This Goat Ain’t Dead Just Yet

Unfortunately I’ve had an exceedingly busy time with family members seriously ill amongst a heap of other things that, individually would not rank highly but in concert have made for a very unhappy, anxiety ridden time. Rest assured that this blog and the commentary that it brings isn’t going anywhere and if my hiatus continues much longer I may bring in a few colleagues to post interesting news and findings on my behalf while I slowly recover from this exceedingly stressful time.

Counterfeit Xiaomi Phone – An Intriguing Deception

I figured I’d use this post to detail a matter that’s still under investigation by eBay regarding a seller located in either Singapore or China (supposedly China, but the package had a Singapore EMS number) kindly providing me with a clearly fake Xiaomi Mi3 cellular phone. What’s interesting about this is not so much the fact that counterfeit or otherwise questionable items come from China – we all know that it’s pretty much a risk inherent in doing any sort of business in Asia, and I certainly wouldn’t have even considered making the purchase were I not assured that eBay or PayPal would have my back should the seller do anything dodgy. No, the real story here is how damn good the fakes have become and why a novice user may not even be able to spot that anything is at all amiss. Certainly from a security perspective there is potential here – who the hell knows what’s buried in their firmware. The organization have clearly demonstrated their lack of ethics by producing a counterfeit device, so what other little secrets is this device hiding? Here’s some information – and I do admit that I am being kind of lazy here and using parts of this report as my eBay complaint detail.

The first clue when unboxing the device was that the back of the chassis did not feel exactly like the coated aluminum/magnesium chassis of the original phone – but this is far too subjective to be useful to a first time buyer. I noticed that the USB cable which shipped with the device had a “MI” logo on it – something which the genuine USB cable does not have. The charger is unquestionably of the same style that lacks adequate shielding and was responsible for electrocuting several users a while back, and has MI branding screenprinted onto it in a manner that the OEM simply wouldn’t tolerate (heck, it wasn’t even printed straight!).

The counterfeit USB cable features "MI" branding while the official one does not.

The counterfeit USB cable features “MI” branding while the official one does not.

When booting the phone I noticed that the “Optimizing” screen featured a stock Android jellybean image and not the anime style bunny screen that Xiaomi use for their Mi products (they actually sell these bunnies on their e-store. I can’t see why anyone would love their device so much they have to have a plush logo, but maybe it is cultural). Later I found that the Fastboot and bootloader screens are also missing the Mi branding, something which other users who have discovered fakes and Xiaomi themselves have revealed is a dead giveaway of a clone.

The fastboot is a generic jellybean Android icon whereas the official Mi3 features an anime style bunny.

The fastboot is a generic jellybean Android icon whereas the official Mi3 features an anime style bunny.

This is what the fastboot screen is supposed to look like!

This is what the fastboot screen is supposed to look like!

The screen is another point of contention. If you take a screenshot and then check the properties of the image generated, you’ll see that it has a resolution of 720×1280. This is a problem seeing that the Mi3 has a resolution of 1080×1920. The screen also lacks the oleophobic Gorilla Glass III that the official phone has.

The resolution of the display is 720x1280 and not the expected 1080x1920.

The resolution of the display is 720×1280 and not the expected 1080×1920.

Very few benchmarking applications will run successfully on the phone and are force-closed, presumably by some kind of watchdog script to ensure that users don’t easily discover the truth of what lies inside their device. In the stock “About” screen everything appears in order. One application that did run successfully, hwinfo provides another clue to the schizophrenic nature of the beast – two mutually exclusive product codes are used in the same screen, “pisces” (the TD-CDMA version for China Telecom) and “cancro” (the Qualcomm based WCDMA international version). It also notes an incorrect physical screen size and states a PPI of 320 dpi (official phone reports and is spec’d at 441). If you place the device on an accurate scale you’ll also find that it is several grams off the official weight, something which can’t easily be explained away (hint: the included battery is much smaller than the quoted 3050mah cell).

Both "pisces" (TD-CDMA) and "cancro" (WCDMA) showing in Hardware Info.

Both “pisces” (TD-CDMA) and “cancro” (WCDMA) showing in Hardware Info.

Entering fastboot mode and issuing a “getvar product” to the device reveals its dirty little secret. This device does not contain the Snapdragon 800 MSM8974, rather the Snapdragon S2 era MSM7627A. Geekbench 3, the only benchmarking app I could actually execute successfully on the device reveals in its multi-core test that the device scored a 806, putting it only slightly above the GNex. Other Snapdragon 800 devices scored much, much higher – for example the LG Nexus 5 at 2538 and the Kindle Fire HDX7 at 2730. The single core comparison was even more pathetic, with the device scoring 295 (worse than the Moto G’s Snapdragon 400). It also turns out the reported memory of 2GB is also a downright fabrication, with actual device memory being reported by Geekbench as 843MB – clearly there is only a 1GB module on board.

Fastboot displays MSM7627A instead of MSM8974*

Fastboot displays MSM7627A instead of MSM8974*

The log file from Xiaomi's flashing tool, MiFlash shows the flash failed due to wrong product ID.

The log file from Xiaomi’s flashing tool, MiFlash shows the flash failed due to wrong product ID.

The processor doesn't even remotely approach the scores of a genuine  Snapdragon 800.

The processor doesn’t even remotely approach the scores of a genuine Snapdragon 800.

The memory reported by Geekbench does not appear to correlate with the 2GB specified by Xiaomi.

The memory reported by Geekbench does not appear to correlate with the 2GB specified by Xiaomi.

Xiaomi has an app that is designed to test for fakes, but unfortunately it is Chinese. Nevertheless I ran the device, which reported the device was not a confirmed Xiaomi. I also checked the serial number on the website, which was genuine but had been checked many times, indicating that they are simply cloning “official” serial numbers and issuing them to multiple devices. The IMEI reported to the BTS and the IMEI displayed by the software (e.g. by *#06#) are also different, with the displayed one agreeing with the serial on the box. Obviously they knew that they had to ensure that the IMEI looked unique at least to the cellular network provider lest their little scam be immediately detected by a provider.

Xiaomi's own testing application highlighting in red the device's benchmark versus the expected score in black.

Xiaomi’s own testing application highlighting in red the device’s benchmark versus the expected score in black.

Xiaomi's testing tool highlighting hardware discrepancies.

Xiaomi’s testing tool highlighting hardware discrepancies.

As you’d expect the official Xiaomi firmware will not flash, either using the included updating app or via fastboot. The flashing tool checks the processor model prior to flashing, which obviously returns the incorrect MSM7627A and the flash does not proceed. This is yet another dead giveaway. Another clue is the performance of the phone, which is sluggish at best and lacks sufficient grunt to even decode some audio files in real time without stuttering when multitasking. The barometric pressure sensor provides a constant output of 1013.* mbar with the last digit moving randomly as if the sensor is actually present. Unfortunately this doesn’t even remotely correlate with the area QNH. There is definetely a GPS module present, but fixes take several minutes and are only obtainable and maintained when literally holding the device horizontally in the air.

Perhaps the most disappointing thing about this fake is that the WCDMA module only supports 2100Mhz (official phone supports quad band WCDMA). This makes it useless in our locale except in certain areas where coverage is lacking and my provider uses 2100Mhz mini-cells to enhance coverage in built up areas such as city centers. Everywhere else it unfortunately falls back to GSM, and often cannot even maintain a GPRS or EDGE connection for more than a few brief moments. If you are speaking during handoff to another cell, the phone invariably reboots. It actually seems like it reboots more often than it stays operational. I ensured I was in a 2100mhz serviced area to do these tests, as it was very unstable both without a SIM and on GSM.

Another interesting point is what I found on the embedded flash of the phone – some screenshots in Russian appearing to highlight the same kind of inconsistencies I am speaking of. Evidently the seller attempted to sell the phone to a Russian buyer, who returned the phone after discovering it was a counterfeit and I have been handed his phone (yet another eBay policy violation from the seller, who stated the device was Brand New). An interesting thing the Russian guy noticed and clearly wanted to make evident in one of his captures was the resolution of a captured photo was just 6 megapixel at 16:9 (the phone specs state 13MP).

One of seven Russian language screenshots highlighting inconsistencies.

One of seven Russian language screenshots highlighting inconsistencies.

So, there you have it. Perhaps the worst thing will be waiting for my refund, and perhaps having to pay postage, etc to return this item to the seller. He has already offered me $70 to simply walk away and accept this piece of junk. I don’t think that is going to be happening any time soon.

NB: The only edits made to photography were to redact the cellular network name from the top display of Android in the spirit of this blog never posting personally identifiable information either of my own self or of contributing authors.

Lenovo Superfish: Not The First Time Vendors Have Preinstalled Malware

Aside

The recent fiasco involving Lenovo and what has come to be known as Superfish that amongst other things performs a MiTM attack on TLS encrypted HTTP traffic so that it can still insert advertisments into encrypted pages.

The story broke on Feb 18 when major tech sites and even mainstream media began speaking of a security issue affecting recent laptops from Chinese vendor Lenovo. Given the large amount of negative publicity the company has reacted quite swiftly an has even provided a list of affected laptops and portables along with an easy to use Superfish removal tool. LastPass has a third party tool which will quickly identify the presence of Superfish on your machine. Given that it does not actively hide its presence, there are likely far more straightforward ways to identify the presence of the malware.

Of course this isn’t the first time OEMs have saddled their customers with preinstalled junk that is either annoying or worse compromises the confidentiality of any data on that machine. An excellent example would be the multiple vendors who include a variety of Popcap games which include the perennially problematic OpenCandy advertising engine and trial copies of software that you have no realistic chance of ever requiring let alone purchasing on a whim.

I have a big problem with Microsoft Windows, particularly 8x so any time I purchase a new machine I typically do the following:

  • Boot the machine, skipping the sysprep/OOBE screens so that i may enter Device Manager and note down the hardware within the machine (generally done only if the unit’s manual does not list full specifications and there is no reliable information online).
  • Reboot whilst pressing the boot selection hotkey so that I can boot the clonezilla DVD, which is relatively lightweight and includes the tools we need. Obviously you could substitute any similarly equipped Linux, *BSD or Solaris live CD/DVD.
  • Using hdparm(8) a master password is set on the HDD and if the disk appears frozen, the power connector is temporarily disconnected. An ATA SECURE ERASE (enhanced) is then executed. This ensures that there is no chance of any data remanence (particularly important if your new PC is ex-display and there have been myriad of people playing with it in the store).
  • Following the conclusion of the ATA SECURE ERASE command, smartctl(8) is used to run a long self-test and the outcome of this is noted.
  • I go ahead with the installation of FreeBSD or Debian Linux.