This article will cover not one, but two topics!
NFC For Free Rides and Rooms (on your phone)
First up is a quick review of the research Corey Benninger and Max Sobell presented in Amsterdam this week. Corey and Max have spent considerable time hacking on NFC related topics. This time, they discovered a flaw in the way many municipalities implement “disposable” fare cards. In many cases there is no central authentication or tracking and the tags are read, and can be written to, via NFC. This allows Max and Corey to overwrite the section of the card that tracks how many rides are left. This is accomplished via their UltraReset Android application. One misconception that should be cleared up is that this is an NFC problem. The Android application was just a convenient method of accessing the data on the fare cards via NFC.
You can see the app in action over at Vimeo. The relevant coverage can be found at the following places:
- Android NFC hack enables travelers to ride US subways for free, researchers say
- Shoddy NFC security could allow free metro rides; could lack of maturity fail NFC?
- Slashdot: Another EUSecWest NFC Trick: Ride the Subway For Free
WebCrypto first working draft released
The first working draft of the WebCrypto API has been released. Much has been written about cryptography, cryptography for pen testers, cryptography for developers, crypto for everone! Crypto, crypto, crypto. It is a fascinating topic and a required part of having a more safe digital world. Nothing gets a crypto geeks blood’ pumping like a new spec that focuses on crypto. This week there has been quite a bit of discussion about WebCrypto and its API. It is pretty new and is going to need some very careful consideration, but it is my estimation that WebCrypto is not off to a great start. Many of our customers out there writing applications in HTML 5 are going to rely on this API and it does not solve many of the fundamental problems they will face in utilizing cryptography. The WebCrypto API is really only half of the story for most developers, and it really needs to be a complete picture.
My main complaint, aside from some broken and already known to be flawed algorithms and crypto primitives sneaking into the API, is that this API only provides primitives. If you sit a group of developers down and ask them to implement cryptography securely using a library with nothing but primitives such as “AES-128-CBC” and “ECDSA”, chances are very good that you will end up with trivial and not so trivial flaws in the implementation the first go around. Just convincing everyone that authentication is as important as confidentiality can be a real challenge (Hello Padding Oracle!). As a long time software developer I look for APIs that expose just the “tip” of the iceberg in terms of functionality. A truly beautiful API only exposes as much as it needs to and hides the rest. Never is there a time where experienced designers should be hiding details than in a crypto library. For the vast majority of crypto code I have seen, if there was a much simpler API that abstracted out a lot of the common pitfalls and got rid of the insecure and flawed modes and algorithms, my crypto reviews would have been a lot less interesting. Developers need functions that are simple and safe, by default: encrypt(some_data), decrypt(some_data), verify(some_data), sign(some_data). It needs to be almost that simple!
That said, this API is a nice set of primitives and it does include some practical things like PBKDF2 (Password Based Key Derivation Function 2), which will be really useful for the applications that need it. Explaining to everyone what PBKDF2 is, and why they should be using it to derive an encryption key is a task in and of itself. Enough of my soapbox. I will review this spec in more detail and give more constructive thoughts in the future. Thanks to @DarthNull and @tqbf for rousing me enough to write this post. WebCrypto has been on my mind, I know it will be creeping into our application work for years to come. Let this blog post serve as a point of reference for when we start seeing real apps using WebCrypto.
Both comments and trackbacks are currently closed.