Mastodawn

Jun 15, 2024

Frederik Jun 9, 2024

I've done it! After literal months of work, I've finally finished my (rather long) blog post about how AES-GCM works and how it's security guarantees can be completely broken when a nonce is reused:

https://frereit.de/aes_gcm/

It includes more than 10 interactive widgets for you to try out AES-GCM, GHASH and the nonce reuse attack right in your browser! (Powered by #RustLang and #WASM )

If you're interested in #cryptography , #math (or #maths ) or #infosec you might find it interesting.

If you do read it, I'm all ears for feedback and criticism!

AES-GCM and breaking it on nonce reuse

In this post, we will look at how the security of the AES-GCM mode of operation can be completely compromised when a nonce is reused.

frereit's blog

@redford and @mrtick held an unrecorded talk a bout this at OhMyHack in Warsaw - I unfortunately couldn't make it because of Munich snow.

For now this is making the rounds in Polish-speaking sources, but we do have a talk scheduled about this at 37C3, in which we plan to do a deep dive into this and actually publish our findings.

@zaufanatrzeciastrona 's article about this: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/

O trzech takich, co zhakowali prawdziwy pociąg – a nawet 30 pociągów | Zaufana Trzecia Strona

Pociąg produkcji polskiej firmy nagle zepsuł się w trakcie serwisu. Fachowcy byli bezradni - pociąg był w porządku, tylko nie chciał jechać. W ostatnim odruchu…

Zaufana Trzecia Strona

The key unlock was deleted in newer PLC software versions, but the lock logic remained.

After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the HMI detected a subset of conditions that should've engaged the lock but the train was still operational.

The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.

3/4

We found that the PLC code actually contained logic that would lock up the train with bogus error codes after some date, or if the train wasn't running for a given time. One version of the controller actually contained GPS coordinates to contain the behaviour to third party workshops.

It was also possible to unlock the trains by pressing a key combination in the cabin controls. None of this was documented.

2/4

I can finally reveal some research I've been involved with over the past year or so.

We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.

1/4

Kir a/k/a Dober

Sep 15, 2023

Shlee messed around &Sep 14, 2023

CVE-2023-4863 is going to require patching everything that renders WebP images. Every browser/electron apps/mobile apps like telegram/Flutter apps/etc etc

Welcome to the modern software supply chain!

Kir a/k/a Dober

Aug 8, 2023

Bruce Schneir admits that supply chain attack #SolarWinds had one other actor except Russia - China. Maybe, but I think it was easier. Microsoft always had a problem with scope of trust in signing key. As a result, if one key is lost it is difficult to assess the impact https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html

Microsoft Signing Key Stolen by Chinese - Schneier on Security

Kir a/k/a Dober

Jul 2, 2023

Spending a Keysight to the spectrum measure of a microwave oven? Waste! For this, a penny TinySA is completely enough :)

Show thread

Kir a/k/a Dober

Jun 30, 2023

AmtelSvyaz (Dozor - Teleport) said that they do not work with MoD RU. But @herm1t published actual screenshot which clearly shows that's not the case. "МО РФ" in the stations list (highlighted) means "MoD RU", btw, they confirmed the attack, they also serve occupied territories