In December of last year, mathematician Zachary Harris received an interesting e-mail from a Google headhunter inquiring if he was interested to work with the company. He was confused by the e-mail as he didn’t see himself as a candidate for the job offered. He assumed that it was a spoofed e-mail made to appear like it was from a legitimate Google recruiter. But upon further inspection, Harris discovered that Google was using a weak cryptographic key which certifies recipients that it came from a legitimate Google corporate domain. By cracking the cryptographic key, anyone can impersonate an e-mail sender, even Google execs such as Sergey Brin and Larry Page.
But the weak cryptographic key is not entirely Google’s fault. The search giant is using DomainKeys Identified Mail that “permits a person, role, or organization to claim some responsibility for a message by associating a domain name [RFC1034] with the message [RFC5322], which they are authorized to use. This can be an author’s organization, an operational relay, or one of their agents. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer’s domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature. A message can contain multiple signatures, from the same or different organizations involved with the message.”
The DKIM standard calls for using keys that are at least 1,024 bits in length so it can’t be easily cracked but Google was only using a 512-bit key. Harris didn’t think that Google could be so careless so they thought it was a puzzle he needed to solve, a part of the hiring process. So he sent an e-mail to Page and made it appear to be from Brin. The content of the message was Harris’ personal website. He didn’t hear from Google again and when he checked the cryptographic key they were using, it was changed to 2,048 bits and his site got a lot of hits from Google IP addresses. Harris figured that Google found out about the weakness and did something about it.
But Google wasn’t the only one using weak a cryptographic key. Harris found that eBay, Yahoo, Twitter and Amazon were all using 512-bit keys while PayPal, LinkedIn, US Bank and HSBC were using 768-bit keys.
This is a serious matter as some of the most high-profile attacks were from spear-fishing that targeted specific people from a company by making the e-mails appear as something from one of their colleagues.
In August, Harris contacted the CERT Coordination Center at Carnegie Mellon University to report the vulnerability. Afterwhich, he decided that it was time to inform the public. Michael Orlando of CERT also released their statement regarding the matter and stated that the weakness has been fixed. Some of the companies generated new, stronger, lengthier keys and placed it in their DNS records and revoked their old keys, while others haven’t done anything with the vulnerability.
But the problem does not only lie with sender domains alone as receiving domains accepted DKIM’s which were marked as tests or should have been flagged and should have been revoked.
“So that’s a problem on both sides; the senders are having these testing keys that they’re leaving in DNS records long after the period of testing is completed, and then the verifiers are ignoring the testing flag.” Harris said.
The most intriguing part was Harris’ statement regarding how he, a person with no knowledge of what a DKIM header was, was able to see the vulnerability. What more a person with extensive knowledge in IT matters?