Monday, October 26, 2015

Two For One: Steam Link Root Access, WD MyPassport Encryption Vulnerabilities

Hey everyone! In this post, I wanted to talk about two interesting things I came across this week.  First, now that the Steam Link is shipping pre-orders, people have started to play around with it and see what it can do.  It looks like it is another embedded device running Linux.  That makes for some interesting possibilities.  Second, with encryption becoming more and more mainstream lately, more manufacturers have incorporated it into their products.  That does not mean they always do it right.  Let's get started...

If you are not familiar with the Steam Link, it is a small devices that enables you to stream games from your computer to a connected TV over your network.  It is essentially a small computer running a stripped down version of Linux and some binaries that allow it to communicate with the instance of Steam running on your computer and output that to the TV.

I stumbled across this blog post which describes the (easy) process of obtaining root on one of these devices.  Here is the relevant text in case something happens to that blog post:
As for enabling ssh on your Steam Link its very easy. All you need to do is get a pendrive and make this file in these folders: /steamlink/config/system/enable_ssh.txt (Note: the file must have some data in it, if enable_ssh.txt is empty it will not work)

Then reboot the Steam Link with the pendrive inserted, after its done connecting to the network you can ssh into the Steam Link as root with the password `steamlink123`

Have fun!

If you want to dig into it some more look in the /etc/init.d/startup/S01config, in there you can see that you can overwrite any system files or flash a older/custom firmware with a usb pendrive.
So, this technique requires physical access to the device which may impact its usefulness, but I think there are still security implications for something like this.  If you are able to gain physical access to one of these, you can give yourself root on a device on someone's  LAN.  That gives you a pivot point to other places in their network.  It is unlikely that someone would check to see if they can SSH into their Steam Link.  These devices are meant to be turned on and forgotten about.  Another interesting possibility is to buy one, gain root access, overwrite a system binary with something malicious and send it to someone.  This device seems to be an ARM-based device like many embedded devices, so you will have to keep that in mind, but it will be interesting to see how this device evolves after it reaches general availability on 10 November 2015.

The second piece of hardware I would like to talk about is the weakness in encryption on many Western Digital MyPassport external hard drives.  The full paper is here (PDF).  The paper examines how weak encryption on these drives leads to compromise of two of the three pillars of the C-I-A triad: confidentiality and integrity (the third being availability).  This is not a case where Western Digital tried to make its own crypto and use that on these drives.  In fact, the drives use 128-bit or 256-bit AES.  While this is not as strong as it could be, it is not the issue here because cracking 256-bit AES is not trivial assuming a good key.  And so that brings us to why the encryption here is "weak."  The key can be easily brute forced by looking at the way it was generated.  Many times, attacks on cryptography target things outside of the crypto, and not the algorithm itself.  To be clear: this is not about some weakness in the AES algorithm, rather this is about the weakness of the key generation.

The full details are in the paper, but to summarize, this is how the key is generated:
  • The drives ships with a key that is used to encrypt user data on-the-fly, transparently.  It is not clear from the paper if this key is the same for all drives.  I am guessing it is unique per drive because of the second key (described in the next bullet) that in part protects this key.
  • This key is protected with a user-generated key.  From the factory, this key is a static value hard coded into the firmware.  This is expected and is not the security vulnerability that is concerning to me.  This is like buying a router and using the factory-supplied encryption key for the wireless connection.  The user should take steps to choose a strong, unique key.
  • The factory keys are generated with the C-function rand() and seeded with a UNIX timestamp (a 32-bit number).  This makes them much easier to brute-force since rand() is not cryptographically secure and you could figure out the timestamp used.  It is likely that the timestamp used was around the time the drive was produced.  Apparently, this is on the drive itself.  Even if you did not have access to the drive and assume it was made in the last three years (roughly 94.6 million seconds), that would be on the order of 2^26 guesses to find the right timestamp.
My suggestion for owners of these drives that want to encrypt them is to use a cryptographically strong technique with a good key.  This means BitLocker or maybe VeraCrypt / LibreCrypt on Windows and LUKS + dmcrypt on Linux.

As always, please let me know your thoughts.  Thanks for reading!

No comments:

Post a Comment