Flame Ordered to Flame Out

Needed access to world-class cryptanalysts to spread it using Windows Update

2 min read
Flame Ordered to Flame Out

There were a couple of interesting stories in ComputerWorld last week from the cyber guerrilla war front.  According to this story, whoever is controlling the Flame virus has ordered it to self-destruct and erase all traces of itself to impede the forensic analysis of its code. ComputerWorld quotes the Symantec's security response team’s blog as saying a self-immolation or "suicide" module "locates every [Flame] file on disk, removes it, and subsequently overwrites the disk with random characters to prevent anyone from obtaining information about the infection. …This component contains a routine to generate random characters to use in the overwriting operation. It tries to leave no traces of the infection behind."

It is obvious that the Flame authors are worried about not only possibly being found out (although the betting is that the virus is the work of the US and Israel) or that effective countermeasures to it will be found, but also that it might "escape into the wild" like Stuxnet did and become re-purposed. Of course, copies of Flame are in the hands of numerous IT security companies, researchers and national security organizations among others, so it is more than likely that it is only a matter of time before a new 'improved" version of Flame appears.

Speaking of the as yet unidentified authors of Flame, another story at ComputerWorld reports that Marc Stevens, a research cryptanalyst at Centrum Wiskunde & Informatica (CWI) in Amsterdam states that whoever created and distributed the virus needed access to world-class cryptanalysts. The reason behind that belief is that Flame's authors were able "to generate a rogue Microsoft digital code-signing certificate that allowed them to distribute the malware to Windows computers as an update from Microsoft." They accomplished this, ComputerWorld says, by using a previously unknown cryptographic collision attack on the MD5 encryption algorithm (Stevens and company demonstrated one method in 2008) which Microsoft security engineers explain in a blog post here.

Spreading malware using the Microsoft Windows Update function is seen as the Holy Grail of hackers since over 900 million Windows computers routinely use it to update their systems.

The ComputerWorld story notes that, "Interestingly, the attack would have failed a long time ago if Microsoft had been more diligent." The reason is that back in 2008, the weakness in MD5 was so well known that Microsoft issued a security advisory recommending "that administrators and certificate authorities cease using MD5 as an algorithm to sign digital certificates because of collision attacks. However, the company failed to disable the use of MD5 in parts of its own operating system, which is what Flame exploited."

Microsoft urgently released a patch and took other actions to close the Flame (or flaming) security hole early last week.

Photo: iStockphoto

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less