Don Sambandaraksa

NSA backdoors and the Android BitCoin case

Anyone reading the Guardian or the New York Times on Friday could be forgiven for coming away scratching their heads with a quizzical look on their face. To the techy geek, the latest NSA files leak boiled down to, “trust us, we got this from Snowden”, “the US and UK can read your mind,” and “it cost a quarter of a billion dollars.”

Well, almost.

The lack of any technical information on how the Axis of Espionage had broken the internet’s encryption protocols was disappointing given the weeks of detailed revelations that had preceded it, but understandable from an editor’s point of view with lawyers breathing down their necks.

Yes, spooks infiltrate companies and standards bodies to weaken encryption and plant back doors that only they know about. That is such a good idea as obviously nobody else would just happen to stumble upon these back doors and use them for evil purposes.

Encryption algorithms were compromised, random data generators were not quite so random and standards were made so that Big Brother could get a foot in somehow. HUMINT - humans - were used to infiltrate organisations too where needed.

If discovered, these backdoors could be explained away as bugs.

Commercial encryption had back doors and trap doors and 4G phones in particular were designed to be more “tractable” to NSA attempts at breaking encryption. Perhaps that is the real reason why VoLTE is so badly delayed.

But what exactly was broken? Many believe that it is the RC4 algorithm as used in the TLS and SSL components of HTTPS. Another line of thought was that it was crypto-key management that was compromised: the random number generators might not have been quite as random as we had thought.

For that latter point, there is actually hard proof that this very scenario has already happened. Back in early summer, a number of thefts were reported from the wallets of people using the Android wallet of crypto-currency BitCoin.

The Android BitCoin client generated the wallets and corresponding secret keys to the wallets using Android’s random number generator, or SecureRandom. However, a bug meant that without manually refreshing entropy (gathered randomness from real-world events), the random numbers were not, in fact, random. With knowledge of how the numbers were generated, it was possible for criminals to reverse compute the wallet’s private key from the wallet address using a technique known as a key collision, and use that to steal money from the wallet.
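The effect described above can be shown with a small model. This is an added example, not code from the original post or from the Android or BitCoin projects: `weak_key` is a constructed stand-in for a generator that never received real entropy (it does not reproduce SecureRandom itself), and the 15-bit seed space is an assumption chosen for illustration. It shows what an auditor would see across a fleet of devices: shared keys, and a key space small enough to enumerate into a rotation blocklist.

```python
import hashlib
import random
import secrets
from collections import defaultdict

SEED_BITS = 15  # assumption: the only input that varies between devices

def weak_key(seed: int) -> bytes:
    """Constructed stand-in for a generator that never received real entropy:
    a 256-bit key that is a pure function of a small seed."""
    return hashlib.sha256(b"unseeded-prng:" + seed.to_bytes(4, "big")).digest()

def strong_key() -> bytes:
    """256-bit key taken from the operating system's CSPRNG."""
    return secrets.token_bytes(32)

def shared_keys(fleet: dict) -> list:
    """Group device ids by key; return the groups where a key is reused."""
    by_key = defaultdict(list)
    for device, key in fleet.items():
        by_key[key].append(device)
    return sorted(sorted(group) for group in by_key.values() if len(group) > 1)

# Every key the weak generator can ever emit: only 2**15 of them, so the
# whole set fits in memory and can serve as a rotation blocklist.
WEAK_KEYS = frozenset(weak_key(s) for s in range(2 ** SEED_BITS))

def needs_rotation(key: bytes) -> bool:
    """True if the key is one the weak generator could have produced."""
    return key in WEAK_KEYS

def simulate(n_devices: int = 2000) -> dict:
    """Build two constructed fleets (weak and strong) and audit both."""
    rng = random.Random(2013)  # fixed so the demonstration is repeatable
    weak = {f"dev{i:04d}": weak_key(rng.randrange(2 ** SEED_BITS))
            for i in range(n_devices)}
    strong = {f"dev{i:04d}": strong_key() for i in range(n_devices)}
    return {
        "weak_shared_groups": len(shared_keys(weak)),
        "weak_flagged": sum(needs_rotation(k) for k in weak.values()),
        "strong_shared_groups": len(shared_keys(strong)),
        "strong_flagged": sum(needs_rotation(k) for k in strong.values()),
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The keys are 256 bits long in both fleets; only the entropy behind them differs, which is why key length alone says nothing about whether a key is safe.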

This fits in perfectly with the Snowden files’ theory, that the NSA had influenced corporations and standards (in this case Google / Android) and inserted vulnerabilities (the non-random random number generator) so that it could crack the keys generated for certificates used in HTTPS to listen in on terrorist communications.

Only in this case criminals also managed to use the same backdoor to steal money, often thousands and thousands of dollars at a time, from people who were not terrorists.

How long did Google know about the random number bug before it patched it? Or was it under an NSA order not to patch it? Perhaps we will never know, but it fits in perfectly with what Snowden tried to warn us about.

The loss of money, albeit BitCoins, also fits in perfectly with the justification the publications made in going public with this information: while such acts may help the government against terrorism, they were also helping criminals go about their nasty deeds, and the public needs to be warned.

Meanwhile, later today German newspaper Spiegel has promised to publish details on how the Axis of Espionage can monitor Android, iPhone and supposedly secure BlackBerry communications, including GPS location. The fun never stops on the Snowden roller-coaster.