lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607291315.u6TDFQDt002922@sf01web2.securityfocus.com>
Date: Fri, 29 Jul 2016 13:15:26 GMT
From: matthias.deeg@...s.de
To: bugtraq@...urityfocus.com
Subject: [SYSS-2016-031] CHERRY B.UNLIMITED AES - Missing Protection
 against Replay Attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2016-031
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Cryptographic Issues (CWE-310)
                    Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-04-11
Solution Date: -
Public Disclosure: 2016-06-29
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

CHERRY B.UNLIMITED AES is a wireless desktop set consisting of a
mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"CHERRY B. UNLIMITED AES combines secure data transmission and an
advanced energy supply in a design which has been thought through to the
very last detail. For high professional requirements and security both
at home and in the workplace."

Some of the key benefits of CHERRY B.UNLIMITED AES are (see [2]):

* Data transmission using 128-bit encryption, complying to Advanced 
  Encryption Standard (AES)
* USB cable charging function for both keyboard & mouse - even when in
  use
* High-quality, pre-charged NiMH batteries from GP with a very low
  self-discharge
* Almost interference-free wireless 2.4 GHz technology (range of up to
  10 metres)
* 3-button mouse: infrared sensor and adjustable resolution
  (1,000/2,000 dpi) with ergonomic side panels
* Multi-station capability operation of several wireless products in
  one room
* Easy to install, requiring no technical knowledge
* Mini USB receiver
* Keyboard awarded the "Blauer Engel" environmental seal

Due to an insecure implementation of the encrypted data communication,
the wireless keyboard CHERRY B.UNLIMITED AES is prone to replay attacks.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The SySS GmbH found out that the wireless keyboard CHERRY B.UNLIMITED
AES is prone to replay attacks.

An attacker can sniff the AES-encrypted data packets of the 2.4 GHz
radio communication sent by the keyboard to the receiver (USB dongle)
and replay the recorded communication data at will causing the same
effect as the original data communication.

A replay attack against the keyboard can, for example, be used to gain
unauthorized access to a computer system that is operated with a
vulnerable CHERRY B.UNLIMITED AES keyboard. In this attack scenario, an
attacker records the radio communication during a password-based user
authentication of his or her victim, for instance during a login to the
operating system or during unlocking a screen lock. At an opportune
moment when the victim's computer system is unattended, the attacker
approaches the victim's computer and replays the previously recorded
AES-encrypted data communication for the password-based user
authentication and by this gets unauthorized access to the victim's
system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The SySS GmbH could successfully perform a replay attack as described
in the previous section using a software-defined radio.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

According to information from the manufacturer Cherry GmbH, the reported
security issue will currently not be fixed in affected products.

The written statement in German from Cherry GmbH regarding this and other
reported security issues is as follows:

"Nach Prüfung der von Ihnen festgestellten 'Sicherheitsschwachstellen'
haben wir uns dazu entschlossen, die AES Verschlüsselung bis auf weiters
nicht weiter mit den Produkt zu promoten. Derzeit arbeiten wir an einem
Nachfolgeprodukt. Wie bisher, empfehlen wir Kunden mit hohen
Sicherheitsanfordungen ein kabelgebundenes Produkt zu verwenden.
Je nach Anforderung, auch mit CC-Zertifizierung."

The English translation of this statement is:

"We have examined the 'security flaws' you reported to us. As a result,
we decided, until further notice, to no longer refer to AES encryption
in order to promote the affected product. At the moment, we are
currently working on a successor product. As we already did in the past,
we recommend to our customers having particularly high security demands
using wired products which, depending on the requirements, should be 
CC certified."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2016-04-11: Vulnerability reported to manufacturer
2016-04-12: Manufacturer acknowledges e-mail with SySS security advisory
2016-05-24: Response from manufacturer with information about
            the reported security issue and rescheduling of the
            publication date in agreement with the manufacturer
2016-07-04: Received written statement from manufacturer concerning the
            reported security issue
2016-07-29: Public release of the security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Data sheet for CHERRY B.UNLIMITED AES
    http://cherry.de/PDF/EN_CHERRY_B_UNLIMITED_AES.pdf
[2] Product website for CHERRY B.UNLIMITED AES
    http://cherry.de/cid/wireless_keyboards_CHERRY_B_UNLIMITED_AES.htm?rdeLocaleAttr=en&WT.mc_id=
[3] SySS Security Advisory SYSS-2016-031
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-031.txt
[4] SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of the SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: gerhard.klostermeier (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is" 
and without warranty of any kind. Details of this security advisory may 
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web 
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJXmxnjAAoJENmkv2o0rU2rW48QAKGdpX0rOt7EGa0naxGWA6UQ
sucDvRFhsB+RG1LR2FuqP4d7xUbIsKDm4mpnlBQA6pA+3+ZzeBDuTx31Na1/Alui
lp54Z48+tRkC70pnvPJH7P7GrR1RT/3dlt6ypeCv7pA7SKfzvalLL1KnQ624UmZ0
Ta8D0I0TMGI8Z5yamsineT1WHRqSgnxE1tNtl2FEjrkXFRDRB+OrxSVUt/26G1zJ
LT1JzD+G+xjwAr5WJUO2P2dnEI+N6FlrgqaFJKH3KuAUKNcPtnY41hyp7RqL5VXa
j6AZKFLQqRhZ4MrfR3NudQmaN8ksS0F0sBwsNFBZ6JyLhd+IwxBPR2WuNXKBgZ8X
Rn+/TLIkhV6PXYwq9jhqok1wFEMLjMPDCjnDMBXMaHO1XwvfV8Sugg+5QrhE+4US
65afUq6UgWdWahwRbfpv71HGv0GWsjLISycS3unfLdNYtIeS0GCDEyZxq1PTioI1
tT/510oWY/5Bz7OdOkirMrpP2XHeWjQQSOz/LTxtwbInjC5/gHBgHwoxui8YzxI1
4IushgdjPG/G9gYWclRx6VcLPrexDy3szXEuDX6LeVePt2+ybayL0WEKRw3+HNey
32r3g4fMwRKlb+90hI+YzLYEforapVh5jgZRR1TKuOvUkCghY98os8dOhT+C2lgK
Fs7Qn4mKZe/iD2vYlgqP
=rRuZ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ