Flame – oversights and expertise made for Windows Update worst case scenario
More information about how Windows Update was compromised is gradually coming to light. An oversight by Microsoft appears to have played into the hands of top-class cryptographic experts involved in developing super-spyware Flame.
Flame's developers signed their espionage tool using a faked Microsoft certificate, which they were able to generate using an MD5 collision attack. The developers did not, however, use existing, known techniques – they went a step further. Cryptography expert Marc Stevens analysed the Flame certificate and found that the developers used a "completely new variant of a 'chosen prefix collision attack' […] The design of this new variant required world-class cryptanalysis."
Microsoft's security department has also posted new details of the incident. It reports that the complicated nature of the attack would not have been necessary if it had been aimed purely at Windows XP. An X.509 extension by the name of "Microsoft Hydra" exists to bind business customer certificates to a specific purpose – in this case licence management in a Terminal Server environment. The crypto API in XP does not, however, check this information, meaning that a hacker could simply sign using the original XP Update certificate.
The collision attack described above was thus only required for signing update packages for later versions of Windows. This allowed the virus developers to remove the Hydra extension from the certificate. The only reason they were able to do this was because Microsoft uses the MD5 hash algorithm, which has long been considered non-secure. Microsoft's blog entry does not clearly explain what the Hydra extension does. Some clues as to the modus operandi of the licence server can be found on the blog Unmitigated Risk.
The effort Flame's developers put into just the infection route described above is impressive. Flame was also able to spread via other mechanisms, such as USB flash drives. Although this piece of spyware was full of tricks for infecting other computers, it appears to have only infected a few thousand worldwide, concentrated in the Middle East; this suggests that Flame was a highly specialised spying tool used for highly specific missions.