February 17th, 2005, 08:56 PM
Security Flaw with Digital signatures in Microsoft Outlook
This report was posted a few days ago in the Microsoft Security Discussions, but it may be more appropriate to have it in the cryptography forum. It is also available graphically at http://www.logsat.com/Signatures
On 10/21/2004 the following vulnerability was reported to Microsoft:
Security Flaw with Digital signatures in Microsoft Outlook -
Emails in Microsoft Outlook digitally signed with S/MIME using either a commercial personal certificate like Verisign or using a certificate issued by MS Certificate Server can be altered. Outlook will not show any warnings about the email being changed, the digital signature will still be reported valid even though the message content has been modified and parties involved in the signatures changed.
This is an extremely serious flaw as I can change any digitally signed emails I want without Outlook ever noticing.
After several emails with Microsoft and CERT during the months that followed, no fixes have been issued to correct this security flaw. It is only now that I am making this information public after all my attempts to have Microsoft resolve the problem have failed.
The following are 3 digitally signed messages. The 1st one is a valid, unmodified email from Roberto Franceschetti (firstname.lastname@example.org) to email@example.com: (follow the hyperlinks for the email's source and screenshots)
Screenshot at http://www.logsat.com/Signatures/Valid.gif
Email's source at http://www.logsat.com/Signatures/Valid.msg
The following one has been "hacked" so that the sender now appears to be "Hackers Franceschetti" (firstname.lastname@example.org). Note that Outlook states that the email is absolutely valid, and that the certificate is Valid and Trusted. This is most definitely not the case, as I've altered the original message to make it appear as a different person actually sent it. Imagine the scenario where a digital signature is supposed to unequivocally identify a sender, but now this email that appears to be sent by "hackers" appears legitimate, and a poor victim will trust it and send the hacker any confidential information he is asked for... (follow the hyperlinks for the email's source):
Screenshot at http://www.logsat.com/Signatures/Hacked1.gif
Email's source at http://www.logsat.com/Signatures/Hacked1.msg
This 3rd email is yet another variation showing how a digitally signed email can further be forged without Outlook ever raising warning flags (follow the hyperlinks for the email's source):
Screenshot at http://www.logsat.com/Signatures/Hacked2.gif
Email's source at http://www.logsat.com/Signatures/Hacked2.msg
The full emails with the conversations between myself, Microsoft and CERT can be found here (http://www.logsat.com/Signatures/emails.asp). I hope that by making this information public all the users who rely on digital signatures will be aware of this severe security flaw in Microsoft Outlook, and will take other precautions to ensure the identity of users in digitally signed emails they receive.
February 17th, 2005, 09:27 PM
Interesting. You say this was reported 4 months ago, and no action has been taken...did Microsoft even reply, or give you their position on this report?
We had a similar discussion over OWA, where their lack of response could be attributed to the fact that the attack is a redirection in the URL, not necessarily a flaw in the code. I know, it's nit picky, I'm not necessarily taking their side, but I can see how a major company would take a stance of "the code itself is fine...if it's misused...well, too bad." It's bad practice, but not uncommon.
I'll read up some more, but I am interested to hear how this pans out, seeing as how I work for a C.A.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
February 21st, 2005, 02:49 PM
We've had long conversations with Microsoft regarding this, all the emails are available on the website. Their position ranges from "this was by design" to "we'll change the documentation" to "you're wrong".
They however have never answered the question as to why their client is the only one that does not perform that basic, simple check... very strange considering that their own Outlook Express instead works perfectly by flagging the message when the digital signature does not match the actual sender...
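The check the first post describes as missing, and which the reply above says Outlook Express performs, as an added example (not code from the original post, from Outlook or from Outlook Express): an S/MIME signature covers only the first part of a multipart/signed message, so the outer From header is unsigned and must be compared against the identity carried in the signer's certificate. Signature verification itself is out of scope here; the signer identity list, the sample message and its placeholder signature blob are all constructed.

```python
# Sender-to-certificate binding check for multipart/signed (S/MIME) mail.
# Added example; the addresses, message and signature blob are constructed.
import email
from email import policy
from email.utils import getaddresses

# Identities a verifier would read from the signer's certificate (constructed
# stand-in; a real verifier takes them from the rfc822Name SAN entries and the
# subject emailAddress attribute of the certificate inside the PKCS#7 blob).
SIGNER_IDENTITIES = ["sender@example.org"]


def build_signed_sample(from_header: str) -> str:
    """Constructed multipart/signed message; 'AAAA' stands in for the signature."""
    return (
        f"From: {from_header}\n"
        "To: recipient@example.com\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
        ' micalg=sha1; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nHello (constructed body)\n"
        '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )


def normalize(addr: str) -> str:
    """The domain is case-insensitive; the local part is compared as written."""
    local, sep, domain = addr.partition("@")
    return local + sep + domain.lower()


def sender_binding(raw: str) -> str:
    """Return 'unsigned', 'match' or 'mismatch' for the message's visible sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/signed":
        return "unsigned"
    # Every address a reader could take as the sender (From and Sender) has to
    # be bound to the certificate; display names are ignored on purpose, since
    # a display name that looks like an address is not the address.
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    visible = [addr for _, addr in getaddresses(headers) if addr]
    if not visible:
        return "mismatch"  # signed, but no sender address to bind to the certificate
    allowed = {normalize(a) for a in SIGNER_IDENTITIES}
    return "match" if all(normalize(a) in allowed for a in visible) else "mismatch"


if __name__ == "__main__":
    print(sender_binding(build_signed_sample('"Real Sender" <sender@example.org>')))      # match
    print(sender_binding(build_signed_sample('"Hackers Sender" <hacker@example.net>')))  # mismatch
```

A valid signature only proves the signed part is unchanged; a client that reports the message as trustworthy must also make this binding check, or a "mismatch" result should at least be shown to the user as a warning.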
March 5th, 2005, 12:44 PM
When you say "we have had long conversations with Microsoft" exactly who is the we?
And as you started this post about 2 weeks ago - has Microsoft's stance on this issue changed since your last post on this topic?
"In most gardens they make the beds too soft - so that the flowers are always asleep" - Tiger Lily
March 6th, 2005, 08:18 PM
An interesting flaw. Quite some time ago (years?) we had an AO thread discussing how a digital sig could be hijacked. That particular exploit as I recall was unveiled by a very smart lady in the Balkans (as I recall, but maybe EU somewhere). Was fairly complicated and the perp had to really target the sig and have a few resources, but it could be done. Don't think that one was ever fixed either. Actually, that one just diverted a copy of the original to the perp. Kind of useful if you work on the -5 level at a certain place, but impractical probably anywhere else.
This present report, however, is rather interesting in view of the fact that many states are coding laws to accept eMails with Digital Signatures as a valid contract. Just did a real estate one myself not too long ago, however it was just in verification of a prior telcon agreement so any changes would have been obvious and foiled by the prior recording.
Maybe will avoid using MS OE for digital signature messages until we hear more on the problem. Your examples are interesting. But I am not sure exactly *where* the message hacking would take place at, or exactly what effect it would have in the real world.