by tptacek
1457 days ago
The worst cryptography vulnerabilities I've discovered have been in RF and small embedded systems, because both settings (and they're often combined!) create constraints that make high-level crypto libraries untenable. This is part of why there's so much interest in lightweight cryptography schemes like Xoodyak (Daemen), Gimli (from the Nacl folks), and STROBE (Hamburg). Everyone --- at least, everyone in the mid-2000s --- got CTR nonces wrong. But you haven't seen what a custom RF environment does to cryptography until you've seen the counters wrap. :)

Another hypothetical vendor may have claimed to use 128-bit AES, where it would take a config password, encrypt it with AES, and then XOR each packet payload of RF traffic with the bytes from that ciphertext. This was when SDRs and anything that could intercept FHSS traffic cost over $10k, so nobody really noticed.
My skills were lame by most standards, and if this is getting attention now, we can expect some really funny conference talks in the next few years, and there are some careers to be made on breaking implementations in this relative backwater. The hardest part at the time was extracting the bootloader firmware dump via an open JTAG, but most of the firmware images were available via FTP, and the tools for that today are just amazing compared to the '00s.
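Both comments above describe the same underlying failure: a keystream that gets reused, either because the vendor XORs one fixed AES ciphertext block into every packet, or because a CTR counter too small for the traffic volume wraps around. The following is an added illustration, not code from either commenter or from any real radio product. It models both schemes side by side and runs the known-plaintext attack that strips the keystream without ever touching the key. The link key, config password and frame contents are constructed sample values; `prf` is an HMAC-SHA256 stand-in for a single AES block encryption so the example runs on the Python standard library alone, which is an assumption of convenience, since the attack does not depend on which block cipher produced the keystream.

```python
"""Keystream reuse, the failure mode behind both stories in the thread.

Scheme 1 (the "128-bit AES" RF link): one AES block of ciphertext, derived
from a config password, XORed into every packet.  The keystream is constant.

Scheme 2 (CTR mode in a custom radio): the only per-packet nonce is an 8-bit
frame counter, so after it wraps the keystream repeats.

Either way, one packet with known plaintext strips the keystream from every
other packet that shares it, and the key is never needed.
"""
import hashlib
import hmac

BLOCK = 16

# Constructed sample data; nothing here comes from a real device.
KEY = b"vendor-default-key-0001"            # hypothetical factory link key
PASSWORD = b"hunter2"                       # hypothetical config password
BEACON = b"BEACON 00:11:22:33:44:55"        # fixed-format frame, plaintext known
SECRET = b"SET_RELAY 3 ON;PWR=HI"           # frame the attacker wants to read


def prf(key: bytes, block_in: bytes) -> bytes:
    """Stand-in for one AES block encryption AES_key(block_in).

    HMAC-SHA256 truncated to 16 bytes keeps the example on the standard
    library (assumption); the attack below never depends on which cipher
    made the keystream, only on the keystream being reused.
    """
    return hmac.new(key, block_in, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def expand(block: bytes, length: int) -> bytes:
    """Repeat a 16-byte block out to `length` bytes (what scheme 1 does)."""
    return (block * (length // len(block) + 1))[:length]


# --- Scheme 1: static keystream -----------------------------------------------

def static_keystream(key: bytes, password: bytes) -> bytes:
    """'Encrypt the config password with AES': one block, computed once."""
    return prf(key, password[:BLOCK].ljust(BLOCK, b"\x00"))


def static_encrypt(key: bytes, password: bytes, payload: bytes) -> bytes:
    return xor(payload, expand(static_keystream(key, password), len(payload)))


# --- Scheme 2: CTR mode with an 8-bit frame counter ---------------------------

def ctr_keystream(key: bytes, frame_no: int, length: int) -> bytes:
    """Counter block = 1 byte of frame number (wraps at 256) + block index."""
    out = b""
    block_index = 0
    while len(out) < length:
        counter_block = bytes([frame_no & 0xFF]) + block_index.to_bytes(BLOCK - 1, "big")
        out += prf(key, counter_block)
        block_index += 1
    return out[:length]


def ctr_encrypt(key: bytes, frame_no: int, payload: bytes) -> bytes:
    return xor(payload, ctr_keystream(key, frame_no, len(payload)))


# --- The attack (no key required) ---------------------------------------------

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """c XOR p gives the keystream bytes for the length of the known frame."""
    return xor(ciphertext, known_plaintext)


def attack_static(key: bytes, password: bytes) -> bytes:
    """Decrypt SECRET from the static-keystream link using only the beacon."""
    c_beacon = static_encrypt(key, password, BEACON)
    c_secret = static_encrypt(key, password, SECRET)
    ks16 = recover_keystream(c_beacon, BEACON)[:BLOCK]   # the whole keystream
    return xor(c_secret, expand(ks16, len(c_secret)))


def attack_ctr_wrap(key: bytes) -> bytes:
    """Decrypt frame 256 using frame 0: the 8-bit counter has wrapped."""
    c_frame0 = ctr_encrypt(key, 0, BEACON)
    c_frame256 = ctr_encrypt(key, 256, SECRET)
    ks = recover_keystream(c_frame0, BEACON)              # 24 keystream bytes
    return xor(c_frame256, ks)                            # SECRET is shorter


if __name__ == "__main__":
    print(attack_static(KEY, PASSWORD))
    print(attack_ctr_wrap(KEY))
```

In the CTR model, frames 0 and 1 use different counter blocks, so `xor(c0, c1)` reveals nothing; the leak appears exactly when the counter wraps and frame 256 shares frame 0's keystream. That is why the usual engineering answer is a nonce wide enough that wrapping cannot happen within the key's lifetime, plus a re-key before it ever gets close, rather than anything clever at the packet layer.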