Flame's Windows Update hack required world-class cryptanalysis, researchers say

Flame's authors used a previously unknown MD5 collision attack variant, cryptanalysts say

The Flame cyber-espionage malware makes use of a previously unknown cryptographic attack variant that required world-class cryptanalysis to develop, experts from the Dutch national research center for mathematics and computer science (CWI) said on Thursday.

The cryptographic attack, known as an MD5 chosen prefix collision, was used by Flame's creators to generate a rogue Microsoft digital code-signing certificate that allowed them to distribute the malware to Windows computers as an update from Microsoft.

Microsoft's security engineers explained how the MD5 collision attack worked in a blog post on Wednesday. In their article, they referenced older chosen prefix collision research by cryptanalysts Marc Stevens, Arjen Lenstra, and Benne de Weger.

Stevens, Lenstra and de Weger were part of a larger international team of researchers who, in 2008, demonstrated a practical MD5 collision attack which allowed them to create a rogue SSL certificate trusted by all browsers.

Stevens, who is a scientific staff member in the cryptology group at CWI, analyzed the rogue Microsoft certificate used by Flame's authors and determined that they used a different MD5 collision attack than the one devised by him and his colleagues in 2008. "The design of this new variant required world-class cryptanalysis," Stevens said in a blog post on Thursday.

Ronald Cramer, the head of the cryptology research group at CWI and professor at the Mathematical Institute of Leiden University in the Netherlands agreed with Stevens' assessment. "This is not a job done by amateurs," he said.

Furthermore, the fact that Flame's creators used an MD5 collision attack different than the one developed by Stevens and his colleagues, suggests that the two variants might have been designed in parallel.

From a practical point of view it would have made no difference had they used Stevens' attack instead, Cramer said.

Both attacks could have generated rogue Microsoft code-signing certificates that would have tricked Windows systems. The difference between them lies in the math used, not the end result.

One reasonable explanation why Flame's creators didn't used Stevens' attack is that they developed their own variant before Stevens and his colleagues published their research in 2008, Cramer said.

This theory is also supported by other evidence, according to which Flame was developed in the second-half of 2008, and enforces the idea that Flame was created by a professional team of developers with a lot of resources.

Interestingly, the attack would have failed a long time ago if Microsoft had been more diligent. "We, at the time, notified Microsoft and all other parties affected in this context, so they could take measures," Cramer said.

In December 2008 Microsoft issued a security advisory which recommended that administrators and certificate authorities cease using MD5 as an algorithm to sign digital certificates because of collision attacks. However, the company failed to disable the use of MD5 in parts of its own operating system, which is what Flame exploited, Cramer said.

Following the discovery of the Flame attack Microsoft revoked three of its Terminal Server certificate authorities and announced other changes to the Terminal Service certificate infrastructure to prevent similar abuse in the future.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?