Share this page!

Matthew Green Profile picture
Twitter logo
20 Dec, 7 tweets, 2 min read
Stories like this remind me that people in the Infosec community routinely make and sell exploits to these nations. citizenlab.ca/2020/12/the-gr…
I’m honestly curious how conscientious security researchers justify selling these tools, knowing how likely it is that they’ll be used for applications like this one.
One of the interesting things about this story is how difficult it must be to instrument iOS devices to catch these 0-click exploits in action. Partly because Apple makes it difficult. Image
iMessage payloads are encrypted and can be individually encrypted to specific devices. There’s no documentation of or support for open clients that can receive or monitor incoming iMessage data, without major jailbreaks and hacks.
So it looks like the best Citizenlab can do is install a VPN on likely target devices and look for weird outgoing connection patterns, plus check logs for kernel panics. It’s like looking for evidence dark matter based on its gravitational effect on things you can see.
The problem this time for NSO is that their infection process and exfiltration were visible in network logs. But they’re obviously going to get better at hiding this stuff in the future. Apple could really help make this easier for researchers.
What I’m thinking is that Apple should make it easier for selected targets to record the raw iMessage (APN) ciphertexts sent to individual devices, without leaving an obvious signature that attacker can use to see if this is happening.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Matthew Green

Matthew Green Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @matthew_d_green

Matthew Green Profile picture
23 Dec
My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/
This was prompted by a claim from someone knowledgeable, who claimed that forensics companies no longer had the ability to break the Apple Secure Enclave Processor, which would make it very hard to crack the password of a locked, recent iPhone. 2/
We wrote an enormous report about what we found, which we’ll release after the holidays. The TL;DR is kind of depressing:

Authorities don’t need to break phone encryption in most cases, because modern phone encryption sort of sucks. 3/
Read 26 tweets
Matthew Green Profile picture
9 Nov
So the resolution explicitly calls for gaining “targeted access to encrypted data”, but we’re going to say that’s not a “backdoor in encryption”. Because we say things.
Sorry, @TechCrunch. The resolution may or may not be serious, but it’s not ambiguous. You either gain access to encrypted data or you don’t. techcrunch.com/2020/11/09/wha…
The problem with encryption backdoors isn’t solved by “proportionality” or having great laws that ensure the tech is only used in a targeted manner.

The problem with encryption backdoors is that to use them in a targeted way, you first need to create an encryption backdoor.
Read 12 tweets
Matthew Green Profile picture
28 Oct
Not to pick on @SwiftOnSecurity here, but since Juniper and Dual EC are in the news, I think it’s worth revisiting the evidence that someone deliberately inserted Dual EC as a backdoor.
For the full argument, see this excellent and readable summary my co-authors wrote: m-cacm.acm.org/magazines/2018…
But short summary: Juniper included two random number generators in their NetScreen devices. One was documented. The other was undocumented. The undocumented one was Dual EC. 1/
Read 10 tweets
Matthew Green Profile picture
28 Oct
New Reuters article on the NSA’s “new” policy around inserting backdoors into commercial encryption systems. A lot in here. reuters.com/article/us-usa…
Or rather, a lot *not* in here. After the disaster that was the 2015 Juniper hack (due to an NSA backdoor in Juniper’s VPN products being exploited by foreign hackers), the NSA has developed a set of new policies. But they won’t talk about them of course.
Oh look, here’s Juniper admitting to Congress that an NSA backdoor was exploited in their products. And the NSA writing a report on “lessons learned”. Which they then misplaced.
Read 5 tweets
Matthew Green Profile picture
11 Oct
In most ways except one, the encryption debate is the same as it ever was. So what’s changed?The current administration has demonstrated that app store bans can be used as a hammer to implement policy, and you can bet these folks are paying attention. gov.uk/government/pub…
This is where a lot of these “you can’t ban math” and “anyone can implement encryption in a few lines of code” arguments really fall apart. These people don’t care about any of that, they want to make encryption tools inaccessible to the broader public.
Someone tweeted me a link to Signal’s official instructions for sideloading on an Android phone. Unfortunately, I use an iPhone, which turned it into a direct link to the App Store.
Read 5 tweets
Matthew Green Profile picture
9 Sep
Cool new attack on static (non-EC) Diffie-Hellman in OpenSSL. Takes advantage of a timing vulnerability on the server side to extract the connection pre-master secret. Crypto implementations are hard. raccoon-attack.com
This is such an insane attack. You literally get a tiny timing oracle that tells you whether the DH secret begins with a zero byte. And then you just repeat that experiment until you’ve got the whole key. We’re all doomed.
In practice this isn’t a terribly big deal. Static DH is rare and is going away in recent versions. This is further evidence that maybe it should go away faster.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @matthew_d_green has new unrolls!

Check out other threads from @matthew_d_green!

Read all threads by @matthew_d_green