Apple recently released a full update that includes not only the second Rapid Response patch but also a fix for another zero-day vulnerability. The WebKit zero-day that the Rapid Response patch had already addressed is now accompanied by a fix for a kernel-level vulnerability. Interestingly, the WebKit zero-day was attributed to an anonymous researcher, while the kernel zero-day was attributed to the Russian anti-virus company Kaspersky. This suggests that the update may be related to the Triangulation Trojan spyware that was used in targeted attacks. The Rapid Response patch was crucial in preventing the browser from being used to exploit the phone, and the latest update closes off the kernel vulnerability that could give attackers complete control of the device.
Moving on to a different topic, a recent discovery highlights the risk of relying on non-disclosure agreements (NDAs) to keep cryptographic algorithms secret. The TETRA radio system, which is used by law enforcement and first responders, relied on proprietary encryption algorithms that were kept secret under NDA. This approach proved flawed when researchers discovered weaknesses in the system. The flaws were only recently disclosed, after nearly two years of working with vendors to develop patches. The vulnerabilities, known collectively as TETRA:BURST, will be presented at the Black Hat conference in 2023.
There are two main vulnerabilities in the TETRA system that serve as “teachable moments.” The first, CVE-2022-24401, concerns key agreement. The system relied on the current time to establish a key for conversations between base stations and handsets, but there was no way for a handset to verify that the timestamp came from a trusted base station, so a rogue base station could trick handsets into using a timestamp of its choosing. This enabled attackers to intercept and decrypt conversations that occurred in the past, or to manipulate timestamps in order to intercept future conversations.
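To make the key-agreement weakness concrete, here is an added toy model (constructed for this page; it is not TETRA's actual protocol, algorithms or code) in which a handset derives its keystream from a shared network key and a timestamp announced by the base station. The `WeakHandset` accepts any announced timestamp, while the `HardenedHandset` requires an HMAC over the timestamp and refuses to let time move backwards; all key names and values are placeholders.

```python
import hashlib
import hmac

# Constructed toy model of time-based key agreement, not the TETRA protocol; keys are placeholders.
NETWORK_KEY = b"demo-network-key-placeholder"          # shared by legitimate radios
TIME_AUTH_KEY = b"demo-timestamp-mac-key-placeholder"  # used only by the hardened design

def keystream(timestamp: int, length: int = 16) -> bytes:
    """Keystream derived only from the shared key and the announced time (deterministic)."""
    return hashlib.sha256(NETWORK_KEY + timestamp.to_bytes(8, "big")).digest()[:length]

def time_tag(timestamp: int) -> bytes:
    """Authenticator a legitimate base station attaches to its time broadcast."""
    return hmac.new(TIME_AUTH_KEY, timestamp.to_bytes(8, "big"), hashlib.sha256).digest()

class WeakHandset:
    """Trusts any announced timestamp, as the vulnerable design did."""
    def sync(self, announced_time: int, tag: bytes = b"") -> bytes:
        return keystream(announced_time)  # the tag is never checked

class HardenedHandset:
    """Requires an authenticated timestamp and refuses to move time backwards."""
    last_time = 0  # highest authenticated timestamp accepted so far
    def sync(self, announced_time: int, tag: bytes) -> bytes:
        if not hmac.compare_digest(time_tag(announced_time), tag):
            raise ValueError("unauthenticated timestamp rejected")
        if announced_time <= self.last_time:
            raise ValueError("replayed or rolled-back timestamp rejected")
        self.last_time = announced_time
        return keystream(announced_time)

def weak_reuses_keystream(past_time: int = 1000) -> bool:
    """Re-announcing an old timestamp makes the weak handset reuse the old keystream."""
    genuine = WeakHandset().sync(past_time, time_tag(past_time))
    replayed = WeakHandset().sync(past_time)  # any radio can announce this time
    return genuine == replayed

def hardened_rejects(past_time: int = 1000, later_time: int = 2000) -> tuple:
    """Returns (rejected_forged_tag, rejected_old_timestamp) for the hardened handset."""
    handset = HardenedHandset()
    handset.sync(past_time, time_tag(past_time))    # genuine sync
    handset.sync(later_time, time_tag(later_time))  # time moves forward normally
    def rejected(t: int, tag: bytes) -> bool:
        try:
            handset.sync(t, tag)
            return False
        except ValueError:
            return True
    return rejected(later_time + 1, b"\x00" * 32), rejected(past_time, time_tag(past_time))
```

The monotonic check matters as much as the MAC: a rogue station that replays a genuinely signed but old timestamp would otherwise still pull the handset back onto previously used keystream.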
The second vulnerability, CVE-2022-24402, relates to the inclusion of deliberate weaknesses, or backdoors, in the system. While there has been debate about whether this vulnerability qualifies as a backdoor, the weakness was intentionally introduced and was known to those who signed the NDA. Regardless of the semantics, the presence of deliberate weaknesses in cryptographic systems undermines their security and exposes them to exploitation.
In conclusion, the recent Apple update addresses multiple zero-day vulnerabilities, highlighting the importance of quick response to emerging threats. The vulnerabilities in the TETRA radio system serve as cautionary tales about the risks of relying on non-disclosure agreements and deliberately weak encryption algorithms. These incidents emphasize the need for transparency, thorough scrutiny, and continuous improvement in cryptographic systems to ensure their security and protect users’ data.