Skip to main content

Flame malware wielded rare "collision" crypto attack against Microsoft

posted onJune 5, 2012
by l33tdawg

Attackers behind espionage software that infected Iranian computers targeted hard-to-exploit weaknesses in a cryptographic algorithm, a feat that allowed them to counterfeit a Microsoft digital credential, a member of the company's security team said. 

Details of the "cryptographic collision attack," which came in a blog post published Monday afternoon, are the latest testament to the skill and sophistication that went into engineering the Flame malware. While theoretical, collision exploits in real-world attacks are virtually unheard of. As a 2008 attack on the MD5 cryptographic algorithm demonstrated, collision attacks require huge amounts of computing power, even when exploiting decades-old hashing functions. To pull it off, researchers had to wield the power of 200 PlayStation 3 gaming consoles.

Cryptographic algorithms are used to transform words, documents, or computer files into ciphertext that can never be converted back to their original form. These hash functions are used to digitally sign e-mails, ensure documents haven't been tampered with, and verify that software and software updates available online originated with a particular person or group. The integrity of the entire system relies on each unique piece of plaintext generating a unique string of ciphertext. The ability for someone to find a collision, in which two different plaintext sources generate the same ciphertext, completely undermines the system, since it relies on the plaintext remaining secret and unique.

Source

Tags

Flame Viruses & Malware Microsoft

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th