A couple of days ago I wrote a quick post on FLAME and how the developers of the malware had been very creative in their attack vector. At that time there was still a considerable amount of work being done to validate the attack vector, but, as I pointed out, the existing evidence pointed to a collision attack on the MD5 hashing algorithm that was used in generating the signatures of two of the CAs’ root certificates.
Today there is some confirmation that the attack did leverage the collision vector, as highlighted in an email to a cryptography discussion group. The approach of the developers was unique and had not been seen before, but the concept was the same one that had been used in previous MD5 collision demonstrations, including those in 2008. As we discussed, the attackers then leveraged the fraudulent certificate to hijack the Windows update mechanism. It appears that the ongoing investigation is confirming what we have believed all along.
Microsoft's response to the fraudulent certificates was rapid, but it only addresses the problems that existed in the Microsoft environment. It is imperative that organizations quickly determine whether other CA certificates in their system trust stores could be exploited and compromised just as easily. We recommend that organizations stop issuing certificates with MD5 and remove from their trust stores any certificates that use MD5 as the signature hashing algorithm.
The other actions that were mentioned in the previous post should also be put into an organization's existing operational action plan, including:
These steps are the simple ones that need to be taken today. Moving to a comprehensive Key and Certificate Management System will ensure that the processes to maintain the environment can be automated.
FLAME demonstrated what can be done. Organizations need to take action to ensure that they do not get caught and burned by the next variant of FLAME.
Read the Venafi Security Alert: MD5 Vulnerability and learn more about how to identify your MD5 certificates.