

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls
23.9.24 
Safety  The Hacker News
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls.

The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V").

As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to be migrated to use DAVE.

That said, it's worth noting that messages on Discord will remain unencrypted and are subject to its content moderation approach.

"When we consider adding new privacy features like E2EE A/V, we do not do so in isolation from safety," Discord said. "That is why safety is integrated across our product and policies, and why messages on Discord are unencrypted."

"Messages will still be subject to our content moderation approach, allowing us to continue offering additional safety protections."

DAVE is publicly auditable and has been reviewed by Trail of Bits, with the protocol leveraging WebRTC encoded transforms and Messaging Layer Security (MLS) for encryption and group key exchange (GKE), respectively.

This allows for media frames, outside of the codec metadata, to be encrypted after they are encoded and decrypted before being decoded on the receiver side.


"Each frame is encrypted or decrypted with a per-sender symmetric key," Discord said. "This key is known to all participants of the audio and video session but crucially is unknown to any outsider who is not a member of the call, including Discord."

The use of MLS, on the other hand, lets users join or leave a voice or video session on Discord in such a way that new participants cannot decrypt media sent before they joined, and departing members cannot decrypt any media sent after they leave.

"Discord's existing transport encryption for audio and video between the client and our selective forwarding unit (SFU) is retained, ensuring only audio and video from authenticated call participants is forwarded," it noted.

"While the SFU still processes all packets for the call, audio or video data inside each packet is end-to-end encrypted and undecryptable by the SFU."

The development comes days after the GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, said it's working towards implementing E2EE to secure messages sent between the Android and iOS ecosystems.


Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
20.9.24 
Safety  The Hacker News
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.

"This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said.

The PIN is a six-digit code by default, although it's also possible to create a longer alpha-numeric PIN by selecting "PIN options."

This marks a change from the previous status quo, where users could only save passkeys to Google Password Manager on Android.

While the passkeys could be used on other platforms, it was necessary to scan a QR code using the device where they were generated.

The latest change removes that step, making it a lot easier for users to sign in to online services using passkeys by simply scanning their biometrics. Google noted that support for iOS is expected to arrive soon.

This, however, requires the users to know either the Password Manager PIN or the screen lock for their Android devices before using passkeys on a new device.


"These recovery factors will allow you to securely access your saved passkeys and sync new ones across your computers and Android devices," Desai said.

The development comes as the tech giant said passkeys are being used by more than 400 million Google accounts as of May 2024. Two months later, the phishing-resistant alternative was made available to high-risk users via its Advanced Protection Program (APP).


Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing
18.9.24 
Safety  The Hacker News
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects them against online threats.

"With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only," the tech giant said.

The improvements to Safety Check allow it to run automatically in the background, notifying users of the actions it has taken, such as revoking permissions for websites they no longer visit, and flagging potentially unwanted notifications.

It's also designed to notify users of security issues that need to be addressed, while automatically revoking notification permissions from suspicious sites identified by Google Safe Browsing.

"On Desktop, Safety Check will continue to notify you if you have any Chrome extensions installed that may pose a security risk to you, then bring you to the extensions page and show a summary panel with quick controls to remove them," Andrew Kamau, product manager of Chrome, said.

Safety Check, besides offering users the option to enable Google Safe Browsing protections, is also capable of warning if a username or password stored in the Google Password Manager was involved in a data breach, the search and advertising company added.

Some of the other key updates include the ability to unsubscribe from unwanted website notifications directly on the notifications drawer on both Pixel and Android devices, as well as grant one-time permissions for Chrome on Android and Desktop.

"With this feature, you can choose to grant select permissions — such as access to your camera or mic — to a site for one time only, helping you better manage your online privacy," Kamau said. "Once you leave the site, Chrome will revoke the permissions. The site won't be able to use those permissions until you explicitly grant them again."


Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense
17.9.24 
Safety  The Hacker News
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs).

"Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM."

The changes are expected to take effect in Chrome version 131, which is on track for release in early November 2024. Google noted that the two hybrid post-quantum key exchange approaches are essentially incompatible with each other, prompting it to abandon KYBER.

"The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber," the company said. "As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519."
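A model of what the codepoint change means for negotiation, added here as an example and not Chrome's or BoringSSL's code: a server that still only recognises the old Kyber codepoint will not fail the handshake with a client offering 0x11EC, it will quietly fall back to classical X25519. The codepoints 0x6399 and 0x11EC are from the text; the X25519 codepoint 0x001D is from RFC 8446, and the group name strings, the preference rule (first client group the server supports) and the classifier are assumptions for illustration.

```javascript
// Added example: TLS 1.3 named-group negotiation with the hybrid codepoints
// discussed above. Not Chrome's code; a simplified model.
const X25519 = 0x001d;            // classical-only fallback (RFC 8446)
const KYBER768_X25519 = 0x6399;   // old hybrid codepoint (draft Kyber), from the text
const MLKEM768_X25519 = 0x11ec;   // new hybrid codepoint (final ML-KEM), from the text

// Assumed display names used only for reporting.
const GROUP_NAMES = {
  [X25519]: 'X25519',
  [KYBER768_X25519]: 'X25519Kyber768Draft00',
  [MLKEM768_X25519]: 'X25519MLKEM768',
};

// Assumed rule: the server picks the first group in the client's ordered
// supported_groups list that it also supports; null means no common group.
function negotiateGroup(clientGroups, serverGroups) {
  const serverSet = new Set(serverGroups);
  return clientGroups.find((g) => serverSet.has(g)) ?? null;
}

function isPostQuantum(group) {
  return group === KYBER768_X25519 || group === MLKEM768_X25519;
}

// Defender's check: did a client that offered a hybrid group end up on
// classical key exchange because the server only knew the other codepoint?
function classifyHandshake(clientGroups, serverGroups) {
  const chosen = negotiateGroup(clientGroups, serverGroups);
  const clientOfferedPq = clientGroups.some(isPostQuantum);
  return {
    chosen: chosen === null ? null : GROUP_NAMES[chosen],
    postQuantum: chosen !== null && isPostQuantum(chosen),
    downgradedToClassical: clientOfferedPq && chosen !== null && !isPostQuantum(chosen),
  };
}

// Constructed preference lists: a Chrome 131-style client and two servers.
const CLIENT_AFTER_SWITCH = [MLKEM768_X25519, X25519];
const SERVER_OLD_KYBER_ONLY = [KYBER768_X25519, X25519];
const SERVER_UPDATED = [MLKEM768_X25519, KYBER768_X25519, X25519];
```

Logging the `downgradedToClassical` flag from a TLS terminator's negotiated-group field is a cheap way to find servers that missed the codepoint update.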

The development comes shortly after the U.S. National Institute of Standards and Technology (NIST) published the final versions of three new encryption algorithms to secure current systems against future attacks using quantum technologies, marking the culmination of an eight-year effort from the agency.

The algorithms in question, FIPS 203 (aka ML-KEM), FIPS 204 (aka CRYSTALS-Dilithium or ML-DSA), and FIPS 205 (aka Sphincs+ or SLH-DSA), are meant for general encryption and protecting digital signatures. A fourth algorithm, FN-DSA (originally called FALCON), is slated for finalization later this year.

ML-KEM, short for Module-Lattice-based Key-Encapsulation Mechanism, is derived from the round-three version of the CRYSTALS-KYBER KEM and can be used to establish a shared secret key between two parties communicating over a public channel.

Microsoft, for its part, is also readying for a post-quantum world by announcing an update to its SymCrypt cryptographic library with support for ML-KEM and eXtended Merkle Signature Scheme (XMSS).

"Adding post-quantum algorithm support to the underlying crypto engine is the first step towards a quantum safe world," the Windows maker said, stating the transition to post-quantum cryptography (PQC) is a "complex, multi-year and iterative process" that requires careful planning.

The disclosure also follows the discovery of a cryptographic flaw in the Infineon SLE78, Optiga Trust M, and Optiga TPM security microcontrollers that could allow for the extraction of Elliptic Curve Digital Signature Algorithm (ECDSA) private keys from YubiKey hardware authentication devices.

The cryptographic flaw within the Infineon-supplied library is believed to have remained unnoticed for 14 years and about 80 highest-level Common Criteria certification evaluations.

The side-channel attack, dubbed EUCLEAK (CVE-2024-45678, CVSS score: 4.9) by NinjaLab's Thomas Roche, affects all Infineon security microcontrollers embedding the cryptographic library and the following YubiKey devices:

YubiKey 5 Series versions prior to 5.7
YubiKey 5 FIPS Series prior to 5.7
YubiKey 5 CSPN Series prior to 5.7
YubiKey Bio Series versions prior to 5.7.2
Security Key Series all versions prior to 5.7
YubiHSM 2 versions prior to 2.4.0
YubiHSM 2 FIPS versions prior to 2.4.0
"The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack," Yubico, the company behind YubiKey, said in a coordinated advisory.

"Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or [YubiHSM] authentication key."

But because existing YubiKey devices with vulnerable firmware versions can't be updated – an intentional design choice meant to maximize security and avoid introducing new vulnerabilities – they are permanently susceptible to EUCLEAK.

The company has since announced plans to deprecate support for Infineon's cryptographic library in favor of its own cryptographic library as part of firmware versions YubiKey 5.7 and YubiHSM 2.4.

A similar side-channel attack against Google Titan security keys was demonstrated by Roche and Victor Lomne in 2021, potentially allowing malicious actors to clone the devices by exploiting an electromagnetic side-channel in the chip embedded in them.

"The [EUCLEAK] attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key," Roche said. "In the case of the FIDO protocol, this allows to create a clone of the FIDO device."


WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
13.9.24 
Safety  The Hacker News

WordPress.org has announced a new account security measure that will make two-factor authentication (2FA) mandatory for accounts with the ability to update plugins and themes.

The enforcement is expected to come into effect starting October 1, 2024.

"Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the maintainers of the open-source, self-hosted version of the content management system (CMS) said.

"Securing these accounts is essential to preventing unauthorized access and maintaining the security and trust of the WordPress.org community."

Besides requiring mandatory 2FA, WordPress.org said it's introducing what's called SVN passwords, which refers to a dedicated password for committing changes.

This, it said, is an effort to introduce a new layer of security by separating users' code commit access from their WordPress.org account credentials.

"This password functions like an application or additional user account password," the team said. "It protects your main password from exposure and allows you to easily revoke SVN access without having to change your WordPress.org credentials."

WordPress.org also noted that technical limitations have prevented 2FA from being applied to existing code repositories, as a result of which it has opted for a "combination of account-level two-factor authentication, high-entropy SVN passwords, and other deploy-time security features (such as Release Confirmations)."

The measures are seen as a way to counter scenarios where a malicious actor could seize control of a publisher's account, thereby introducing malicious code into legitimate plugins and themes, resulting in large-scale supply chain attacks.

The disclosure comes as Sucuri warned of ongoing ClearFake campaigns targeting WordPress sites that aim to distribute an information stealer called RedLine by tricking site visitors into manually running PowerShell code in order to fix an issue with rendering the web page.

Threat actors have also been observed leveraging infected PrestaShop e-commerce sites to deploy a credit card skimmer to siphon financial information entered on checkout pages.

"Outdated software is a primary target for attackers who exploit vulnerabilities in old plugins and themes," security researcher Ben Martin said. "Weak admin passwords are a gateway for attackers."

Users are recommended to keep their plugins and themes up-to-date, deploy a web application firewall (WAF), periodically review administrator accounts, and monitor for unauthorized changes to website files.


Google Adds Passkeys to Advanced Protection Program for High-Risk Users
10.7.24 
Safety  The Hacker News
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP).

"Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said.

Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on the FIDO Authentication standard, the technology is designed to secure online accounts against potential takeover attacks by ditching passwords in favor of biometrics or a PIN.
Passkeys can simultaneously act as a first- and second-factor, entirely obviating the need for a password. Earlier this May, the tech giant revealed that passkeys are being used by over 400 million Google accounts.

High-risk users, who are at an elevated exposure to cyber-attacks because of who they are and what they do (e.g., journalists, elected officials, political campaign staff, human rights workers, and business leaders), can check if they have a compatible device and browser and complete the enrollment process.

"We also require you to add recovery options during enrollment (e.g. a phone number and email, or another passkey or security key), a combination of which will help you regain access to your account if you get locked out," Chatterjee said.

Google further said it's partnering with Internews to provide journalists and human rights workers with security support. The program spans 10 countries, including Brazil, Mexico, and Poland.
The development comes as Google said it intends to expand dark web reports to any user with a Google account starting later this month to check if their information has been leaked on the darknet. The feature was previously limited to Google One subscribers.

"Dark web report will become available to all users with a consumer Google Account," it noted in a support document. "Dark web report is integrated with Results about you as a combined solution to help users protect their online presence."


Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks
9.4.24  Safety  The Hacker News
Google has announced support for what's called a V8 Sandbox in the Chrome web browser in an effort to address memory corruption issues.

The sandbox, according to V8 security technical lead Samuel Groß, aims to prevent "memory corruption in V8 from spreading within the host process."

The search behemoth has described V8 Sandbox as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine that's designed to mitigate common V8 vulnerabilities.

The idea is to limit the impact of V8 vulnerabilities by restricting the code executed by V8 to a subset of the process' virtual address space ("the sandbox") and isolating it from the rest of the process.

Shortcomings affecting V8 have accounted for a significant chunk of the zero-day vulnerabilities that Google has addressed between 2021 and 2023, with as many as 16 security flaws discovered over the time period.

"The sandbox assumes that an attacker can arbitrarily and concurrently modify any memory inside the sandbox address space as this primitive can be constructed from typical V8 vulnerabilities," the Chromium team said.

"Further, it is assumed that an attacker will be able to read memory outside of the sandbox, for example, through hardware side channels. The sandbox then aims to protect the rest of the process from such an attacker. As such, any corruption of memory outside of the sandbox address space is considered a sandbox violation."

Groß emphasized the challenges with tackling V8 vulnerabilities by switching to a memory-safe language like Rust or hardware memory safety approaches, such as memory tagging, given the "subtle logic issues" that can be exploited to corrupt memory, unlike classic memory safety bugs like use-after-frees, out-of-bounds accesses, and others.


"Nearly all vulnerabilities found and exploited in V8 today have one thing in common: the eventual memory corruption necessarily happens inside the V8 heap because the compiler and runtime (almost) exclusively operate on V8 HeapObject instances," Groß said.

Given that these issues cannot be protected by the same techniques used for typical memory-corruption vulnerabilities, the V8 Sandbox is designed to isolate V8's heap memory such that should any memory corruption occur, it cannot escape the security confines to other parts of the process' memory.

This is accomplished by replacing all data types that can access out-of-sandbox memory with "sandbox-compatible" alternatives, thereby effectively preventing an attacker from accessing other memory. The sandbox can be enabled by setting "v8_enable_sandbox" to true in the gn args.

Benchmark results from Speedometer and JetStream show that the security feature adds an overhead of about 1% on typical workloads, allowing it to be enabled by default starting with Chrome version 123, spanning Android, ChromeOS, Linux, macOS, and Windows.

"The V8 Sandbox requires a 64-bit system as it needs to reserve a large amount of virtual address space, currently one terabyte," Groß said.

"The sandbox is motivated by the fact that current memory safety technologies are largely inapplicable to optimizing JavaScript engines. While these technologies fail to prevent memory corruption in V8 itself, they can in fact protect the V8 Sandbox attack surface. The sandbox is therefore a necessary step towards memory safety."

The development comes as Google highlighted the role of Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and hardening Android firmware security, adding that it used the compiler-based tool to discover more than 40 bugs.

"Using KASan enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices," Eugene Rodionov and Ivan Lozano from the Android team said.


Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks
3.4.24  Safety  The Hacker News
Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware.

The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said.

"By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value," the company noted.

"We think this will substantially reduce the success rate of cookie theft malware. Attackers would be forced to act locally on the device, which makes on-device detection and cleanup more effective, both for anti-virus software as well as for enterprise managed devices."

The development comes on the back of reports that off-the-shelf information stealing malware is finding ways to steal cookies in a manner that allows threat actors to bypass multi-factor authentication (MFA) protection and gain unauthorized access to online accounts.

Such session hijacking techniques are not new. In October 2021, Google's Threat Analysis Group (TAG) detailed a phishing campaign that targeted YouTube content creators with cookie stealing malware to hijack their accounts and monetize the access for perpetrating cryptocurrency scams.

Earlier this January, CloudSEK revealed that information stealers like Lumma, Rhadamanthys, Stealc, Meduza, RisePro, and WhiteSnake have updated their capabilities to hijack user sessions and allow continuous access to Google services even after a password reset.

Google told The Hacker News at the time that "attacks involving malware that steal cookies and tokens are not new; we routinely upgrade our defenses against such techniques and to secure users who fall victim to malware."

It further recommended users to enable Enhanced Safe Browsing in the Chrome web browser to protect against phishing and malware downloads.

DBSC aims to cut down on such malicious efforts by introducing a cryptographic approach that ties together the sessions to the device such that it makes it harder for the adversaries to abuse the stolen cookies and hijack the accounts.


Offered via an API, the new feature achieves this by allowing a server to associate a session with a public key created by the browser as part of a public/private key pair when a new session is launched.

It's worth noting that the key pair is stored locally on the device using Trusted Platform Modules (TPMs). In addition, the DBSC API permits the server to verify proof-of-possession of the private key throughout the session lifetime to ensure the session is active on the same device.

"DBSC offers an API for websites to control the lifetime of such keys, behind the abstraction of a session, and a protocol for periodically and automatically proving possession of those keys to the website's servers," Google's Kristian Monsen and Arnar Birgisson said.

"There is a separate key for each session, and it should not be possible to detect that two different session keys are from one device. By device-binding the private key and with appropriate intervals of the proofs, the browser can limit malware's ability to offload its abuse off of the user's device, significantly increasing the chance that either the browser or server can detect and mitigate cookie theft."

One crucial caveat is that DBSC banks on user devices having a secure way of signing challenges while protecting private keys from exfiltration by malware, necessitating that the web browser has access to the TPM.

Google said support for DBSC will be initially rolled out to roughly half of Chrome's desktop users based on the hardware capabilities of their machines. The latest project is also expected to be in sync with the company's broader plans to sunset third-party cookies in the browser by the end of the year via the Privacy Sandbox initiative.

"This is to make sure that DBSC does not become a new tracking vector once third-party cookies are phased out, while also ensuring that such cookies can be fully protected in the meantime," it said. "If the user completely opts out of cookies, third-party cookies, or cookies for a specific site, this will disable DBSC in those scenarios as well."

The company further noted that it's engaging with several server providers, identity providers (IdPs), and browser vendors like Microsoft Edge and Okta, who have expressed interest in DBSC. Origin trials for DBSC for all supported websites are set to commence by the end of the year.