Mathematician unlocks weak domain keys, Google and Microsoft affected
By Gabey Goh October 29, 2012
- DomainKeys Identified Mail (DKIM) Verifiers with weak encryption keys discovered by US mathematician
- Compromised DKIM keys allows attackers to send phishing attacks, bypassing filters
DOMAINKEYS Identified Mail (DKIM) Verifiers have been found to be susceptible to abuse by attackers due to weak encryption, allowing for the spoofing of e-mails from recognized domain names.
The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issued a notice on Oct 24 stating that DKIM Verifiers may inappropriately convey trust when messages are signed using test or small bit signing keys.
DKIM is a method for associating a domain name to an email message, allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients.
The security weakness means that potential attackers could send spoof emails signed with a company’s DKIM key to get past filters set up to detect them.
Spoofing emails is a method used in phishing attacks, to trick users into opening e-mails that appear to be legitimate in order to get them to disclose their account login credentials.
The vulnerability was initially discovered by American mathematician Zachary Harris who received an email from a job recruiter at Google and noticed the weak cryptographic key used to certify to recipients.
The DKIM standard calls for using keys that are at least 1024-bits in length, however Harris reported that the cryptographic key found in the email received was only 512-bits.
In an interview with Kim Zetter of Wired, Harris shared that he initially thought the email was a test of some sort to see whether potential candidates would spot the vulnerability.
In response, Harris decided to crack the key and send an e-mail to Google founders Sergey Brin and Larry Page, as each other.
“I love factoring numbers,” Harris told Zetter, “So I thought this was fun. I really wanted to solve their puzzle and prove I could do it.”
Harris did not get a response from the company – but a spate of sudden hits to his website from Google IP addresses and the change in Google’s cryptographic key from the initial 512-bit to 2048-bits two days after he sent that email alerted him to the fact that he had unearthed a genuine vulnerability.
Upon further exploration of other sites Harris discovered the same problem with the DKIM keys used by PayPal, Yahoo, Amazon, eBay, Apple, Dell, LinkedIn, Twitter, SBCGlobal, US Bank, HP, Match.com and HSBC.
Harris told Wired that most of the companies he has contacted over the last few months have fixed their keys, though some are still dragging their feet.
He decided to go public to warn other domains about the need to check their DKIM key, after contacting CERT Coordination Center at Carnegie Mellon University to report the vulnerability in August.
“The fact that I went into this not knowing what a DKIM header was illustrates that somebody with enough technical background can figure this out as they go along,” he said.
According to vulnerability analyst Michael Orlando, the author of the US-CERT notice, affected vendors include Google, Microsoft and Yahoo.
The solution according to US-CERT is for “system administrators to replace all RSA signing keys fewer than 1024 bits and configure their systems to not use or allow testing mode on production servers. RSA is an algorithm for public-key encryption.”
When contacted by Digital News Asia (DNA) for comment on the issue, Google declined to give an official statement.
However the Wired report carried a statement from a Google spokeswoman, which said “the company took the problem very seriously and instituted a fix as soon as it became aware of the issue.”
A Microsoft spokesman told DNA that the company considers safeguarding the security and privacy of our users a top priority.
“While Hotmail and Outlook.com use DKIM to verify authentication of incoming messages we do not sign outgoing mail with DKIM. We use SPF/Sender ID to authenticate our outbound mail; as such, Hotmail/Outlook.com was not susceptible to this issue,” he said.
The spokesman added that Microsoft has been a longtime supporter of DKIM and Sender Policy Framework (SPF)/Sender ID as email authentication technologies.
“However DKIM, as with any signing technology, requires the signing entity to use the appropriate key size. We are constantly vigilant in our efforts to help protect customers from potential threats,” he added.