Update: Superfish is the Real End of SSL

The controversy over SSL-busting software on Lenovo laptops keeps getting bigger. Is this the end of SSL?

In-brief: Outrage over Lenovo’s promotion of privacy busting adware continued to grow amid lawsuits and more spying revelations. The big question: is this the final – final straw for the beleaguered Secure Sockets Layer (SSL) technology?  (Updated to add comment from Kevin Bocek of Venafi.)

“Welcome to the (expletive) storm that is an angry Internet!” That was a post to the Facebook page of visual search company Superfish – a little known company whose technology – along with that of business partner Lenovo –  has come to embody a growing sense of outrage over unbridled snooping by companies and governments.

The outraged posting (alongside one commending Superfish to be boiled in camel urine) were the byproduct of the revelation that pre-loaded Superfish Visual Discovery software, which has shipped on Lenovo consumer laptops since mid-2014, opens a gaping and dangerous security hole in SSL (Secure Sockets Layer) – a foundational technology that is used to secure web browsing sessions.

Specifically: the Superfish adware modified the Windows networking stack, using a third party library known as “Komodia” to install a new root Certificate Authority (CA) that gave the software the ability to impersonate any SSL-enabled site. That allowed the Superfish software to decrypt a user’s secure web browsing session and mine it for the purpose of better serving you ads. (Gee – thanks!) But, in so doing, it “undermines the security of web browsers and operating systems, putting people at greater risk,” wrote Facebook threat researcher Matt Richard. For one thing: the same technology could easily be used by a malicious actor to impersonate any legitimate web site, stealing user credentials or forcing malicious software onto a vulnerable Lenovo laptop.

The revelation and that “angry Internet” have already led to other revelations – in rapid succession. Angry Internet denizens began looking into Superfish, including its financial backers.

Security expert Robert Graham of Errata Security posted about extracting the private key used by the Superfish adware to intercept all those encrypted sessions and quickly cracked the password that protected it.  He then added a post on how an attacker could set up a wi-fi based Man in the Middle Attack on vulnerable systems using some inexpensive (or free) hardware and software.

In a blog post on Friday, Richard of Facebook presented the results of research that found more than a dozen other software applications using the Komodia library – many of them malicious or suspicious.

“Initial open source research of these applications reveals a lot of adware forum posts and complaints from people,” Richard wrote. In no case was it clear why the software in question needed to intercept and decrypt SSL traffic, or what the applications did with the decrypted data. 

Lenovo, which first denied that Superfish posed a security risk, quickly backtracked: apologizing and issuing software updates to remove the adware. In the meantime, the company and Superfish are being sued in a class action lawsuit alleging both companies engaged in “fraudulent” business practices and violations of consumer privacy laws. 

The bigger challenge, however, may be to SSL itself – a technology that was already badly battered by revelations about breaches at Certificate Authorities like DigiNotar and affiliates of the CA Comodo. As Richards and others note: Superfish is hardly the first application to rely on what is, essentially, a “man in the middle” attack on secure web browsing sessions to work. Most antivirus programs do something similar -albeit in the name of preventing web-based attacks.

Carnegie Mellon’s CERT warned on Monday about a Windows utility called PrivDog by Adtrustmedia that uses the Komodia library and carries out similar Man in the Middle attacks against encrypted web sessions in the name of providing “safer, faster and more private web browsing.”

But even applications whose nominal goal is security can mess it up – badly. Richards notes an investigation by Carnegie Mellon University researchers in 2012 that found that deep packet inspection appliances from the firm Cyberroam shared the same CA certificate and private key – a botch that would make it possible to impersonate such a device and carry out man in the middle attacks against users of those devices.

With so many applications – good, bad and grey – playing fast and loose with the integrity of the certificate authority system, one must ask what authority resides in that system any more? The answer is likely “no.” Already, commercial operations are under intense pressure to find another way to secure sensitive online sessions. Notably: the Payment Card Industry (PCI) Council said earlier in February that SSL version 3.0 is “no longer acceptable for protection of data due to inherent weaknesses within the protocol.” “No version of SSL meets PCI SSC’s definition of ‘strong cryptography,’ the organization said.

That follows revelations of a widespread vulnerability, dubbed “Poodle,” that could allow an attacker to extract secret information from an encrypted transaction. That vulnerability prompted leading browser makers, including the Mozilla Foundation, to accelerate a move away from SSL to “modern secure protocols.”

But SSL’s replacement – TLS – is hobbled by the same “trust” issues, even if it improves on SSL’s flawed encryption, said Kevin Bocek, the Vice President of Security Strategy and Threat Intelligence at the security firm Venafi.

“SSL as a protocol is dead, but TLS has the same challenges in regard to trust,” Bocek said.

Bocek said the failings of the PKI trust model shouldn’t come as a surprise to anyone. “This is technology that’s more than 20 years old,” he said. “The idea that you would have a harmonious system of trust that is unbreakable until time ends? That’s not going to work. Clearly we’re at the breaking point.”

While Superfish doesn’t involve a vulnerability in SSL per se, it does underscore the degree to which the trust model that SSL and successor technologies rely on has become illusory. And that may succeed where Heartbleed and Poodle failed: finally moving Internet users and organizations to stronger technology.

Bocek thinks the fix isn’t in replacing the certificate system. Rather, that system will need to adapt to changing times and a changing threat environment. The trust model “has to be more agile and adapt to threats,” he said, pointing to Google’s Certificate Transparency project as an example.

The Lenovo Superfish debacle, he says “just shows how bad its gotten.”