[Dailydave] Nobody but us.

Dave Aitel dave at immunityinc.com
Wed Apr 9 12:55:20 EDT 2014

I spent some time talking to various people lately about the concept of
"Nobody but us" (NOBUS) especially now that the DUAL_EC algorithm is
being researched more closely. People got confused because the papers
that came out didn't really stress that the "attacks" against Dual_EC
were in the case where they first corrupted it by replacing the magic
constants in the spec with their own.

So here's a list of seven ways to do various levels of "NOBUS". So yes,
it is completely possible.

1. Keys only we have (Elliptic Curve constants in Dual_EC are a prime
example, as are hash collision attacks in some cases). Backdoors which
are based on RSA certificates or SSHD keys are another simple example.
2. Traffic only we can collect (for example, weakened crypto that you
need to have special placed collection devices to collect on)
3. Traffic only we can manipulate (this vulnerability is in a protocol
that is a leased line from one of your buildings to another, but we
happen to be the phone company)
4. Targets only we care about (this device is vulnerable in a
configuration used to run only Iranian centrifuges, or is made by Huawei) 
5. Computational difficulty only we will bother with (this attack
requires a machine with access to a terabyte of RAM. We had one built by
that team of socially inept engineers over there.)
6.  Protocols only we can parse (Oh, you don't have an X.500 parser
laying around that has the special SS7 extension implemented?)
7. A difficult to write exploit only we will have while the
vulnerability is being patched. (We sent this bug to VMWare and once
it's out everyone will be patched within a day, but in the meantime for
the next two weeks, everyone got owned)

You can of course, combine up these techniques to get a healthy
breakfast of NOBUS.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20140409/b1a22705/attachment.sig>

More information about the Dailydave mailing list