Pierluigi Paganini July 08, 2019

Threat actors targeted two high-profile PGP project contributors with the intent to poison certificates used by the SKS keyserver network. 

Contributors to the PGP protocol GnuPG claim that threat actors are “poisoning” their certificates, this means that attackers spam their certificate with a large number of signatures. The intent is to make it impossible for the PGP software to verify its authenticity.

Two prominent contributors at the PGP project, the developers Robert “rjh” Hansen and Daniel Kahn “dkg” Gillmor, confirmed that they were targeted by hackers who spammed their public cryptographic identities. 

“In the last week of June 2019 unknown actors deployed a certificate spamming attack against two high-profile contributors in the OpenPGP community (Robert J. Hansen and Daniel Kahn Gillmor, better known in the community as “rjh” and “dkg”).” Hansen wrote in a blog post. “This attack exploited a defect in the OpenPGP protocol itself in order to “poison” rjh and dkg’s OpenPGP certificates. Anyone who attempts to import a poisoned certificate into a vulnerable OpenPGP installation will very likely break their installation in hard-to-debug ways. Poisoned certificates are already on the SKS keyserver network.”

The attackers exploited a “defect” in the OpenPGP protocol to poison their certificates. Hansen explained that The standard keyserver software is called SKS, for “Synchronizing Key Server,” it was developed by a fellow named Yaron Minsky for his Ph.D thesis. It’s written in an unusual programming language called OCaml making it very difficult to maintain because it wasn’t designed for large-scale usage. Currently the software is unmaintained. 

“Due to the above, there is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase.”explained Hansen.

Experts believe that threat actors will continue in poisoning certificates, the attack is very easy to carry out this implies that other hackers will attempt to exploit them.

Every time a user attempts to import the poisoned certificates would crash his software. 

“We’ve known for a decade this attack is possible. It’s now here and it’s devastating,” continues the post.

• “If you fetch a poisoned certificate from the keyserver network, you will break your GnuPG installation.
• Poisoned certificates cannot be deleted from the keyserver network.
• The number of deliberately poisoned certificates, currently at only a few, will only rise over time.
• We do not know whether the attackers are intent on poisoning other certificates.
• We do not even know the scope of the damage.“

Unfortunately, the attack is hard to mitigate, in order to prevent the exposure to the attack is to stop retrieving certificates and data from the SKS (Synchronizing Key Server) keyserver network.

“The design goal of the keyserver network is “baked into” essentially every part of the infrastructure. This isn’t a case where there’s a bug that’s inhibiting the keyserver network from functioning correctly. “continues the developer. “Bugs are generally speaking fairly easy to fix once you know where the problem is. Changing design goals often requires an overhaul of such magnitude it may be better to just start over with a fresh sheet of paper. “

Gillmor explained that the problems are well known and were a long debated, there have been several proposals to mitigate the problems but none of them is easy to implement.

“The parts of the OpenPGP ecosystem that rely on the naive assumptions of the SKS keyserver can no longer be relied on, because people are deliberately abusing those keyservers,” Gillmor concludes.

Pierluigi Paganini

(SecurityAffairs – SKS keyserver, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]