Connect with us

Technology

Major cryptography blunder in Java enables “psychic paper” forgeries

Published

on

Getty Images

Organizations using newer versions of Oracle’s Java framework woke up on Wednesday to a disquieting advisory: A critical vulnerability can make it easy for adversaries to forge TLS certificates and signatures, two-factor authentication messages, and authorization credentials generated by a range of widely used open standards.

The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally. A key advantage of ECDSA is the smaller size of the keys it generates, compared to RSA or other crypto algorithms, making it ideal for use in standards including FIDO-based 2FA, the Security Assertion Markup Language, OpenID, and JSON.

Doctor Who and the psychic paper

Neil Madden, the researcher at security firm ForgeRock who discovered the vulnerability, likened it to the blank identity cards that make regular appearances in the sci-fi show Doctor Who. The psychic paper the cards are made of causes the person looking at it to see whatever the protagonist wants them to see.

“It turns out that some recent releases of Java were vulnerable to a similar kind of trick, in the implementation of widely-used ECDSA signatures,” Madden wrote. “If you are running one of the vulnerable versions then an attacker can easily forge some types of SSL certificates and handshakes (allowing interception and modification of communications), signed JWTs, SAML assertions or OIDC id tokens, and even WebAuthn authentication messages. All using the digital equivalent of a blank piece of paper.”

He continued:

“It’s hard to overstate the severity of this bug. If you are using ECDSA signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU). For context, almost all WebAuthn/FIDO devices in the real world (including Yubikeys use ECDSA signatures and many OIDC providers use ECDSA-signed JWTs.”

The bug, tracked as CVE-2022-21449, carries a severity rating of 7.5 out of a possible 10, but Madden said based on his assessment, he’d rate the severity at a perfect 10 “due to the wide range of impacts on different functionality in an access management context.” In its grimmest form, the bug could be exploited by someone outside a vulnerable network with no verification at all.

Other security experts also had strong reactions, with one declaring it “the crypto bug of the year.”

A mitigating factor is that Java versions 15 and above don’t appear to be as widely used as earlier versions. Data collected in February and March 2021 from security firm Snyk showed that Java 15, the latest version at that time, accounted for 12 percent of deployments. While Madden said that the specific ECDSA implementation flaw affected only Java 15 and higher, Oracle also listed versions 7, 8, and 11 as vulnerable. Madden said that the discrepancy may result from separate crypto bugs fixed in the earlier releases.

a/0 = valid signature

ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid.

In a writeup published Wednesday, security firm Sophos further explained the process:

S1. Select a cryptographically sound random integer K between 1 and N-1 inclusive.
S2. Compute R from K using Elliptic Curve multiplication.
S3. In the unlikely event that R is zero, go back to step 1 and start over.
S4. Compute S from K, R, the hash to be signed, and the private key.
S5. In the unlikely event that S is zero, go back to step 1 and start over.

For the process to work correctly, neither R nor S can ever be a zero. That’s because one side of the equation is R, and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 = 0 X (other values from the private key and hash), which will be true regardless of the additional values. That means an adversary only needs to submit a blank signature to pass the verification check successfully.

Madden wrote:

Guess which check Java forgot?

That’s right. Java’s implementation of ECDSA signature verification didn’t check if R or S were zero, so you could produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid signature for any message and for any public key. The digital equivalent of a blank ID card.

Below is an interactive JShell session Madden created that shows a vulnerable implementation accepting a blank signature as valid when verifying a message and public key:

|  Welcome to JShell -- Version 17.0.1
|  For an introduction type: /help intro
jshell> import java.security.*
jshell> var keys = KeyPairGenerator.getInstance("EC").generateKeyPair()
keys ==> java.security.KeyPair@626b2d4a
jshell> var blankSignature = new byte[64]
blankSignature ==> byte[64] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... , 0, 0, 0, 0, 0, 0, 0, 0 }
jshell> var sig = Signature.getInstance("SHA256WithECDSAInP1363Format")
sig ==> Signature object: SHA256WithECDSAInP1363Format<not initialized>
jshell> sig.initVerify(keys.getPublic())
jshell> sig.update("Hello, World".getBytes())
jshell> sig.verify(blankSignature)
$8 ==> true
// Oops, that shouldn't have verified...

Organizations that are using any of the affected versions of Java to validate signatures should place a high priority on patching. It will also be important to monitor for advisories from app and product makers to see if any of their wares are made vulnerable. While the threat from CVE-2022-21449 appears limited to new Java versions, its severity is high enough to warrant vigilance.

This Article was first live here.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Technology

HP refreshes Spectre x360 laptop with Intel 12th-gen and Ryzen 5000 chips, Intel Arc GPU, beefed up webcam, and a quieter fan, starting at $1,650 (Scharon Harding/Ars Technica)

Published

on


Scharon Harding / Ars Technica:

HP refreshes Spectre x360 laptop with Intel 12th-gen and Ryzen 5000 chips, Intel Arc GPU, beefed up webcam, and a quieter fan, starting at $1,650  —  HP Spectre laptops try out Intel discrete graphics, boosted webcams, new hues.  —  HP has revamped its Spectre x360 lineup of convertible …

This Article was first live here.

Continue Reading

Technology

Qualcomm unveils the Snapdragon 8 Plus Gen 1, says it will offer 10% faster CPU performance, 10% faster GPU clocks, and have up to 30% better power efficiency (Sean Hollister/The Verge)

Published

on


Sean Hollister / The Verge:

Qualcomm unveils the Snapdragon 8 Plus Gen 1, says it will offer 10% faster CPU performance, 10% faster GPU clocks, and have up to 30% better power efficiency  —  Bragging rights (and battery life?) for gaming phones  —  Qualcomm’s Snapdragon 8 Gen 1 set the stage for the biggest Android smartphones …

This Article was first live here.

Continue Reading

Technology

Geoff Keighley teases what’s to come at Summer Game Fest

Published

on

Placeholder while article actions load

Summer Game Fest is around the corner, and media entrepreneur Geoff Keighley hints at a month of news starting on June 9.

“First couple of weeks of June are going to be a good time for gamers as always,” Keighley said.

The host of the Game Awards and Summer Game Fest said people might look back at June as an exciting start to the year’s game release news, which has been on the quieter side when it comes to big titles. When asked whether that means people can expect major game announcements, Keighley demurred.

“June is definitely a good time for people to ramp up, get people excited about things coming in the future. So yes, there will be some good announcements. They’ll be good, meaningful updates on games,” Keighley said, adding that, for example, in 2021, the Summer Game Fest showed off gameplay of “Elden Ring,” a previously announced game that still drew a lot of interest. “Will you get everything you want? No. But I think there’ll be some good stuff this year.”

The 2022 gaming news event is mostly digital, though it will feature an in-person component. Imax movie theaters will air the Summer Game Fest in the U.S., Canada and United Kingdom starting on June 9, live from Los Angeles. Viewers can tune into the exact same show on Twitch. (Twitch is owned by Amazon, whose founder, Jeff Bezos, owns The Washington Post.)

While individual game companies will do their own events, as they have in past years, Keighley said he plans to organize things so that they don’t heavily overlap. In another major gaming showcase, Xbox will hold its live-streamed event on June 12.

The Game Awards: How Geoff Keighley helped create The Oscars for gaming

In light of the Russian invasion of Ukraine, Keighley said he has been in conversations with several Ukrainian studios whose game titles — such as GSC Game World’s “S.T.A.L.K.E.R.” — have been impacted.

“There have been a number of teams, honestly, that we were talking [with] about content for our show, that are in Ukraine, and they’ve had to relocate and can’t finish their trailer, can’t finish their game, because they’re in the middle of a situation,” Keighley said. “We’re conscious of those games and actively trying to think about what’s the right way to recognize some of those teams and the hardships that they’ve been through.”

Keighley made headlines in 2020, when he announced he was skipping E3 for the first time in 25 years, saying the event needed to evolve.

This year, Summer Game Fest will take place in the backdrop of another canceled E3, just as it did in 2020.

“You’ll find no bigger fan than me of what E3 represented to the industry. And I went to it for 25 years,” Keighley said. “I still think E3 needs to figure out its place in this new digital, global landscape. Game companies have figured out there are lots of great ways to program directly to fans. With Summer Game Fest, we’re very cognizant of that; we’re not just trying to be an E3 replacement. We’re doing something very different and approaching it as a free, digital-first celebration of games. The great thing is we can build it from the ground into something completely new. And we don’t have the baggage and legacy of trying to sell booze to people or hotel rooms.”

From 2021: For years, E3 has been gaming’s biggest event. Is that still true?

Keighley told The Post last December that the other event he hosts, the Game Awards, would take a “thoughtful, measured” approach toward non-fungible tokens (NFTs). For this year’s Summer Game Fest, Keighley similarly said he had no plans to have anything NFT or blockchain-related.

“Some people are like, ‘Oh Geoff, I see you following an NFT account on Twitter.’ And it’s like, I’m interested to learn about that stuff. But I’ve yet to see anything that really crosses over to content that would be accretive to the experience. Look, if I see a game or experience that I think is really going to be compelling and interesting and leverages those technologies in a meaningful way, we’ll of course look at it,” Keighley said.

As for whether Activision Blizzard, a company facing multiple lawsuits and government investigations, will be present at Summer Game Fest, Keighley said the situation was evolving. Activision Blizzard did not immediately respond to a request for comment.

“In the back of our minds, obviously, is the zeitgeist of what’s going on at both of these companies but also, in the community,” he said. “Everyone’s opinions continue to evolve among all these topics, so it’s hard to put a pin in something and say, ‘Hey, this is exactly how we’re going to treat this throughout the entire year.’ ”

Another hotly discussed industry topic is unionization. When asked whether organizing labor would impact Summer Game Fest, Keighley said, “Trying to make our show is ultimately to support creators of games and let them showcase their work. I hope we empower game creators, through our shows, to reach audiences and feel like they can reach those audiences directly.”

This Article was first live here.

Continue Reading

Trending