Leaked Docs Offer Win 8 Tip: FinFisher Spyware Can't Tap Skype's Metro App 74

Posted by Unknown Lamer
from the never-trust-proprietary-software dept.
mask.of.sanity (1228908) writes "A string of documents detailing the operations and effectiveness of the FinFisher suite of surveillance platforms appears to have been leaked. The documents, some dated 4 April this year, detail the anti-virus detection rates of the FinFisher spyware which German based Gamma Group sold to governments and law enforcement agencies. The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."
  • Irrelevant (Score:4, Insightful)

    by Anonymous Coward on Tuesday August 05, 2014 @08:29AM (#47606209)

    Skype belongs to Microsoft, Microsoft is in the US, the US records your calls.

    • by Anonymous Coward

      US needs to file paperwork to get the phone records; no need to make it any easier for them.

    • Re: (Score:3, Informative)

      The content of telephone calls was brought under the protection of the 4th amendment around the 1950s. Why such protections still haven't been extended to electronic communication is beyond me.
      • Torture is also against our laws too, but apparently that doesn't concern the CIA.

    • by ron_ivi (607351)

      Not quite irrelevant.

      Microsoft probably sells Skype data to some law enforcement and intel agencies but not to others.

      • The only agencies MS will not take money from are those it isn't legally permitted to. And for those, they just get a dummy corp to act as the middleman for plausible deniability.

    • It's irrelevant anyway, because the info is from April.

      I don't know how much a workplace for FinFisher costs but we're talking about the military/intelligence/law enforcement sector here. It would be kind of stupid to assume that they haven't written an access module by now. And if not, these types of companies are surely happy to provide a suitable exploit as an upgrade upon request - provided that the client has the necessary credentials and is willing to throw enough money at it.

    • If you're in China, they also record your calls (TOM Skype).

      You should not be using Skype for anything that you don't want a nation-state to hear, full stop. Microsoft is one of a number of companies known to cooperate in surveillance requests in countries like China.

  • by kriston (7886) on Tuesday August 05, 2014 @08:33AM (#47606241) Homepage Journal

    That would be a good idea if Metro Skype wasn't so utterly useless. It's almost as if they didn't even try. It is missing such basic features as marking yourself as "Busy" and is even missing the screen sharing feature.

    • Re: (Score:3, Insightful)

      by jtwiegand (3533989)
      This is probably why it's more difficult to exploit; it's a simpler program.
      • IIRC, Metro apps have additional sandboxing so I'd presume that is the reason it is more difficult to exploit.

  • by Anonymous Coward

    "People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties.

    What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."

    "There are three kinds: those that spy on the user, those that

  • by Anonymous Coward

    "The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."
    That's what they want you to think!

  • Or maybe... (Score:4, Interesting)

    by Black Parrot (19622) on Tuesday August 05, 2014 @08:42AM (#47606313)

    ...the docs were leaked by spy agencies, because the Metro version is *easier* to spy on?

  • This of course is very old news, but relevant.

  • Move along.
    • by IMightB (533307)

      No kidding, FinFisher 5.0 can't do the Metro app, FinFisher 5.1 can. FinFisher 6 has been out for 2 years.....

  • This is just another one of the recent MS gimmicks to get you to switch to the Metro version.

    I just received a very official Skype Team email stating my desktop version would be automatically removed. That's exactly what it said: YOUR SKYPE VERSION WILL BE REMOVED. If a company would add such a trigger on an application (even one that highly depends on a single external cloud service to do anything at all), I would call that heavy persuasion.

    • Mine said I was signed out because I was using an outdated version and would not let me sign back in until I upgraded it.

      I have to use it for work.

  • And it doesn't end there. To really get a high-security setup, boot chain, you need to do a lot of start-up work.

    To start, you need a pre-boot scan. The occasional scan from a USB image would provide an integrity check: EFI settings (boot order), bootloader, kernel image, and initrd. You'd need to validate the boot loader against the installed package, validate the installed ClamAV database signature, pull ClamAV updates if the signature doesn't validate, validate kernels against installed packages,
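The pre-boot scan sketched in the post above, as an added example (not code from the thread or from any distribution): a known-good manifest of SHA-256 digests for the bootloader, kernel and initrd plus the expected EFI boot order is built once from a trusted install, kept on the read-only scan media, and compared against the mounted system. All paths, component names and the boot-order values are constructed for the demo, as is the tampering step that patches the kernel image and prepends a foreign boot entry.

```python
"""Offline integrity check of boot-chain components against a known-good manifest.

Added example for the boot-chain discussion; not code from the thread.
Paths, component names and the EFI boot-order value below are constructed
for the demo and are not real system paths.
"""
import hashlib
import json
import os
import tempfile

# Components a pre-boot scan would cover; paths are relative to the mounted
# root of the system under inspection (constructed layout for this demo).
COMPONENTS = {
    "bootloader": "boot/efi/EFI/demo/grubx64.efi",
    "kernel": "boot/vmlinuz-demo",
    "initrd": "boot/initrd.img-demo",
}
# Expected EFI boot order, as a scanner would read it from the firmware
# variables (constructed value for this demo).
EXPECTED_BOOT_ORDER = ["0001", "0002"]


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large kernels and initrds need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Record known-good digests. In practice this is created once from a
    trusted install and stored on the read-only scan media, not on the host."""
    return {
        "boot_order": list(EXPECTED_BOOT_ORDER),
        "files": {name: sha256_file(os.path.join(root, rel)) for name, rel in COMPONENTS.items()},
    }


def verify(root: str, manifest: dict, boot_order: list) -> dict:
    """Compare the live system with the manifest. Returns a status per item:
    'ok', 'MISMATCH' (content or order changed) or 'MISSING' (file gone)."""
    report = {}
    for name, rel in COMPONENTS.items():
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            report[name] = "MISSING"
        elif sha256_file(path) != manifest["files"][name]:
            report[name] = "MISMATCH"
        else:
            report[name] = "ok"
    report["boot_order"] = "ok" if boot_order == manifest["boot_order"] else "MISMATCH"
    return report


def demo() -> tuple:
    """Build a constructed boot tree, verify it, then tamper with the kernel,
    prepend a foreign boot entry and verify again. Returns (clean, tampered)."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in {
            COMPONENTS["bootloader"]: b"demo bootloader image",
            COMPONENTS["kernel"]: b"demo kernel image",
            COMPONENTS["initrd"]: b"demo initrd image",
        }.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        manifest = build_manifest(root)
        clean = verify(root, manifest, ["0001", "0002"])
        # Simulated tampering: appended bytes in the kernel, unexpected first boot entry.
        with open(os.path.join(root, COMPONENTS["kernel"]), "ab") as f:
            f.write(b"tampered")
        tampered = verify(root, manifest, ["0007", "0001", "0002"])
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print(json.dumps({"clean": clean, "tampered": tampered}, indent=2))
```

The scan only has value if the manifest and the scanner itself live on media the running OS cannot write, which is the point of booting from a separate USB image; a manifest stored on the scanned disk could be rewritten along with the kernel it is meant to check.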

    • by jader3rd (2222716)

      To start, you need a pre-boot scan. The occasional scan from a USB image would provide an integrity check: EFI settings (boot order), bootloader, kernel image, and initrd.

      You mean like the Windows 8 UEFI Secure Boot?

      • by Junta (36770)

        Windows 8 Secure boot is a pretty flimsy facility that says 'yep, this code was blessed by microsoft'. It does nothing to vouch for whether the configuration leading up to or the configuration of the payload is what you actually want (e.g. a specific user expects they have put in Windows 8, but instead Red Hat loading with malicious configuration would be a sort of misbehavior that SecureBoot does nothing for).

        Of course, the proposed scheme isn't exactly nice. Notably handwaving about 'file is known safe'.

        • Windows 8 Secure boot is a pretty flimsy facility that says 'yep, this code was blessed by microsoft'. It does nothing to vouch for whether the configuration leading up to or the configuration of the payload is what you actually want (e.g. a specific user expects they have put in Windows 8, but instead Red Hat loading with malicious configuration would be a sort of misbehavior that SecureBoot does nothing for).

          UEFI secure boot validates everything (configuration) until the boot-loader load. The boot-loader sits in signed cabinet files and the UEFI firmware will not load the boot-loader if the boot-loader cabinet files do not check out (invalid signature).

          The boot-loader will check the operating system - Windows 8 - core before relinquishing control of the boot process to the OS. Windows 8 sits in signed cabinet files and the boot-loader will not boot the OS if the files have been tampered with (invalid signatures).

          Right after the kernel has started - relying *only* on information from the signed cabinet files and signed kernel drivers (all drivers which load in kernel space in Windows 64 bit versions must be signed), the antivirus providers will be allowed to load. AV must *also* be signed by MS to be allowed to load at this stage. The AV can now control loading the rest of the OS. Still, any kernel level drivers *must* be signed.

          You are correct that the boot-loader will also boot other signed OSes - like RH Linux and those *could* be used to start Win8 or some other OS in a VM and under control of the "signed" OS. You can bet that MS has requirements that the booting of non-Windows OS is obvious (something must happen at the screen clearly identifying the OS being booted).

          But on the whole, UEFI Secure Boot along with Windows 8 signed boot-loader and OS is *very* hard to circumvent. I haven't heard of any successful attack yet. There was some spin on an attempt that did not use UEFI Secure Boot (it used BIOS).

          • by Junta (36770)

            But on the whole, UEFI Secure Boot along with Windows 8 signed boot-loader and OS is *very* hard to circumvent.

            If you are paying attention during boot, and the attack comes from within the OS. Of course, MS could have afforded the within the OS protection themselves by being very special in how they treated the system partition without requiring firmware to verify it. If you have full control of the console and/or device, you can do exactly what you describe, boot a valid OS using a malicious configuration designed to rootkit the OS that's there or impersonate the OS that was supposed to be there to gain informati

      • That depends on a TPM, which depends largely on a secret key in the OS RAM (magic cookie) that can be accessed if you have a kernel exploit. From there, you can modify the TPM.

        • by Junta (36770)

          There's a few things that seem off in that statement...

          IIRC, Secure Boot didn't actually hook into the TPM.

          Another, I'm not sure what you imply with 'modify the TPM'. You can have perhaps the TPM bind some stuff that the legitimate user wouldn't want you to do but you couldn't defeat sealing to a sufficient set of PCRs by having os level control of the TPM facilities afaik.

          • Oh, huh. SecureBoot isn't Palladium; it's some new-fangled UEFI feature.

            It looks like you can insert new keys into the SecureBoot DB with dpkg-reconfigure secureboot-db in Ubuntu, so sufficient OS-level access should allow for bypassing SecureBoot in UEFI. This is a little easier than it was with the TPM, I guess.

            • Oh, huh. SecureBoot isn't Palladium; it's some new-fangled UEFI feature.

              It looks like you can insert new keys into the SecureBoot DB with dpkg-reconfigure secureboot-db in Ubuntu, so sufficient OS-level access should allow for bypassing SecureBoot in UEFI. This is a little easier than it was with the TPM, I guess.

              No, not unless the OEM did *not* follow the specs. If they followed the UEFI specs this should not be possible.

              On top of that, it is a specific requirement for "Designed for Windows 8 certification" that the keys cannot be manipulated from the operating system.

              The only way to change the key store is through physical (like in at the keyboard) control of the UEFI firmware in the pre-boot "maintenance mode" *or* through a firmware upgrade. Firmware upgrades *must* be signed as well, so no, you can not use that

              • After these databases have been added, and after final firmware validation and testing, the OEM locks the firmware from editing, except for updates that are signed with the correct key or updates by a physically present user who is using firmware menus, and then generates a platform key (PK). The PK can be used to sign updates to the KEK or to turn off Secure Boot.

                So if you have the PK, you can sign updates to the KEK. Okay, so this requires the user to intentionally load a PK first, and store it on the machine. Makes sense.

                So then the chain is shorter: have your kernel load a signed initrd, perform useful scans, and then load the real initrd and engage the boot process. I likes this.

    • by Khyber (864651)

      " To really get a high-security setup, boot chain, you need to do a lot of start-up work. "

      No. To get a high-security setup, you simply never connect to the internet.

      If you have internet access, you're fucked. Man can make it, man has repeatedly proven man can break it.

      There is ZERO other alternative.

      • Security: Confidentiality, Integrity, Accessibility. Removing Accessibility is called a Denial of Service.

        It's like you just said the only way to be safe from murder is to kill yourself.

        • by Khyber (864651)

          "It's like you just said the only way to be safe from murder is to kill yourself. "

          Is it wrong? The only way to avoid being killed or dying is to already be dead. The only way to avoid getting compromised online is to not be online at all.

          There is no such thing as 100% security.

  • Good to remember (Score:3, Informative)

    by sasparillascott (1267058) on Tuesday August 05, 2014 @10:05AM (#47606767)
    Keep in mind just what exactly Microsoft handed the keys to the NSA for:

    http://www.theguardian.com/wor... [theguardian.com]

    Microsoft wasn't called out as an "enthusiastic" partner in the NSA's documents for nothing. Definitely consider all versions of Skype to be damaged goods - along with all other Microsoft products - can't imagine how excited the NSA was for the Xbox One and its always on audio monitoring and (originally) required connected video camera.
  • by rebelwarlock (1319465) on Tuesday August 05, 2014 @10:18AM (#47606845)
    I'll take spyware over metro any day.
  • Very funny... Pull the other other one...
