UPDATED: 2010 Trend Watch Update: Attacks on Cryptography
At the beginning of this year EFF identified a dozen important trends in law, technology and business that we thought would play a significant role in shaping digital rights in 2010, with a promise to revisit our predictions at the end of the year. Now, as 2010 comes to a close, we're going through each of our predictions one by one to see how accurate we were in our trend-spotting. Today, we're looking back on Trend #1, Attacks on Cryptography, where we predicted:
In 2010, several problems with cryptography implementations should come to the fore, showing that even encrypted communications aren't as safe as users expect. Two of the most significant problems we expect concern cellphone security and web browser security.
GSM, the technology that underpins most cellphone communications around the world, uses a deeply flawed security technology. In 2010, devices which intercept phone calls will get cheaper and cheaper. Expect to see public demonstrations of the ability to break GSM's encryption and intercept mobile phone calls. We hope that this will prompt the mobile phone industry to replace its obsolete systems with modern and easy-to-use cryptography.
SSL (in its newer versions known as TLS), the basic security technology of the world wide web, is exhibiting similarly severe flaws. Several powerful practical attacks against real-world SSL implementations were published in 2009; more problems and concerns will emerge throughout 2010. SSL security must be improved.
Despite flaws in how SSL is used, it's still the best system for web security around, and so it also needs to become more widely deployed. Google set a fantastic example this week when it set GMail to use SSL by default — in 2010 we hope to see other online service providers follow its example.
Our predictions on this front were solid. In July, security researcher Chris Paget demonstrated at DEFCON how easy it is to trick cell phones into turning off encryption and connecting to a fake base station, thereby allowing a third party to eavesdrop on conversations. The security vulnerabilities that make this attack possible aren't new, but historically would cost hundreds of thousands of dollars to exploit. Paget's system cost roughly $1,500 to assemble — bringing the attack well within the means of the less financially flush.
Three months later, Eric Butler and Ian Gallagher highlighted the insecurity of Internet web sites that don't use SSL by default when they debuted the Firesheep Firefox extension at ToorCon. Firesheep allows an eavesdropper to hijack another user's session on Facebook, Twitter, Yelp, Flickr, and many other popular websites merely by sniffing packets on an open wireless network and capturing the victim's cookie. This means that if a web site isn't using SSL to encrypt users' communications, Firesheep makes it ridiculously simple for someone to access a user's account on that site. In response, a handful of sites started using encryption by default, including GitHub and DropBox, while others, such as Windows Live, have made it an option for the first time.
EFF has made progress on monitoring and aiding HTTPS adoption with our popular HTTPS Everywhere software, and on advancing research on how HTTPS is actually used with our SSL Observatory. Though the Observatory has yet to find evidence of the man-in-the-middle attacks we're most curious about, it's unearthed plenty of evidence that HTTPS is not always used as its designers intended.
UPDATE: In the final days of 2010, GSM's profound security flaws have been in the spotlight at the 27th Chaos Communication Congress in Berlin. As Wired reports, Karsten Nohl and Sylvain Munaut "demonstrated a start-to-finish means of eavesdropping on encrypted GSM cellphone calls and text messages, using only four sub-$15 telephones as network 'sniffers,' a laptop computer and a variety of open source software."