
Google's email security flaw embarrassing, but no catastrophe

DomainKeys Identified Mail (DKIM) vulnerability highlights need to upgrade to stronger keys as they improve

By Taylor Armerding, CSO
October 26, 2012 08:50 AM ET

CSO - It was almost a year ago that a curious mathematician with no real Internet security training was able to walk through a gaping security hole left by Google -- a weak email cryptographic key.


But most security experts say that while the exposure of the vulnerability -- which applied not only to Google but also to multiple other major enterprises -- is embarrassing, it did not expose them to catastrophic risk.

"[It is] an important discovery [and] illustrates that cryptography is hard and that companies need to take it more seriously," said Ramon Krikken, research vice-president at Gartner. But, he said the risk in this case is "not even in the same league" as having a weak key for SSL certification.

"That would not just be embarrassing, it would be dangerous," he said.

The discovery, long since corrected by Google, became public Wednesday, in part thanks to a warning posted by the U.S. Computer Emergency Readiness Team (US-CERT), and in part thanks to a report about mathematician Zachary Harris's find of the weakness.

A day later, Harris's story had been picked up by dozens of news outlets worldwide. It began with an email last December, claiming to be from a Google recruiter, asking Harris if he was interested in a job for which he was not really qualified.

Harris was intrigued enough to wonder whether he was being spoofed, and soon discovered, as Wired Threat Level's Kim Zetter reported, that "Google was using a weak cryptographic key to certify to recipients that its correspondence came from a legitimate Google corporate domain," the report said. "Anyone who cracked the key could use it to impersonate an e-mail sender from Google, including Google founders Sergey Brin and Larry Page."


The key is the private half of a DKIM (DomainKeys Identified Mail) key pair. A sending domain uses it to sign outgoing messages, and publishes the matching public key in DNS so that recipients can verify the signature and confirm that the message really came from the domain named in its headers, an aid in fighting phishing. Whoever holds the private key can therefore sign mail as that domain.

The current DKIM standard (RFC 6376) calls for signing keys of at least 1,024 bits. Harris found that Google was using just a 512-bit key, which he told Zetter he could crack "in about 72 hours using Amazon Web Services for $75."
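The check a practitioner wants after reading this is to pull a domain's DKIM public key out of DNS and measure the RSA modulus. The code below is an added example, not code from the article, from Google or from any of the companies named; it uses only the Python standard library. It builds DKIM TXT records from synthetic RSA moduli of the sizes the article mentions (constructed odd integers of the right length, not real keys), then parses the record and the DER-encoded SubjectPublicKeyInfo back to report the modulus length and flag anything under the 1,024-bit floor. Names such as `audit_dkim_record`, `rsa_modulus_bits` and `MIN_DKIM_BITS` are this example's own.

```python
"""Audit the RSA key length published in a DKIM DNS TXT record (added example)."""
import base64

MIN_DKIM_BITS = 1024  # floor the article cites for DKIM signing keys

# AlgorithmIdentifier content for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters
RSA_ALGID = bytes.fromhex("06092a864886f70d010101") + b"\x05\x00"


def der_len(n):
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_int(value):
    """DER INTEGER; a leading 0x00 keeps a high-bit value positive."""
    b = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return der_tlv(0x02, b)


def der_read(buf, pos=0):
    """Read one TLV at pos; return (tag, content, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def rsa_spki(n, e):
    """SubjectPublicKeyInfo for an RSA public key, as DKIM publishes in p=."""
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))
    alg = der_tlv(0x30, RSA_ALGID)
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + rsa_pub))


def synthetic_modulus(bits):
    """Constructed odd integer with exactly `bits` bits; NOT a real RSA modulus."""
    return (1 << (bits - 1)) | (0xC0FFEE << 8) | 1


def make_dkim_record(n, e=65537):
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki(n, e)).decode()


def rsa_modulus_bits(spki):
    """Walk SPKI -> BIT STRING -> RSAPublicKey -> modulus and return its bit length."""
    tag, outer, _ = der_read(spki)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    tag, alg, pos = der_read(outer)
    if tag != 0x30 or alg != RSA_ALGID:
        raise ValueError("not an rsaEncryption key")
    tag, bitstr, _ = der_read(outer, pos)
    if tag != 0x03 or bitstr[0] != 0:
        raise ValueError("bad subjectPublicKey BIT STRING")
    _, rsa_pub, _ = der_read(bitstr, 1)      # skip the unused-bits octet
    tag, n_bytes, _ = der_read(rsa_pub)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(n_bytes, "big").bit_length()


def parse_dkim_record(txt):
    """Split 'tag=value; tag=value' into a dict (RFC 6376 tag-list syntax)."""
    tags = {}
    for field in txt.split(";"):
        if "=" in field:
            k, v = field.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def audit_dkim_record(txt):
    tags = parse_dkim_record(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unsupported DKIM record version")
    ktype = tags.get("k", "rsa")              # k= defaults to rsa
    p = "".join(tags.get("p", "").split())   # TXT records may split the key across strings
    if not p:
        return {"key_type": ktype, "bits": 0, "weak": True, "note": "key revoked (empty p=)"}
    if ktype != "rsa":
        return {"key_type": ktype, "bits": None, "weak": False, "note": "non-RSA key; length check not applicable"}
    bits = rsa_modulus_bits(base64.b64decode(p))
    weak = bits < MIN_DKIM_BITS
    return {"key_type": ktype, "bits": bits, "weak": weak,
            "note": f"{bits}-bit RSA, {'below' if weak else 'meets'} {MIN_DKIM_BITS}-bit floor"}


if __name__ == "__main__":
    for bits in (384, 512, 768, 1024, 2048):   # sizes the article mentions
        print(audit_dkim_record(make_dkim_record(synthetic_modulus(bits))))
```

To audit a real domain, paste the output of `dig +short TXT <selector>._domainkey.<domain>` (with the quoted strings joined) into `audit_dkim_record`; the selector is the `s=` tag of the `DKIM-Signature` header on a message from that domain. The length check is only half the picture: a key that meets the floor still has to be rotated, and an old selector left published is as usable to a forger as the current one.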

At that point, he figured this might be a test by Google recruiters to see whether applicants would notice the vulnerability and exploit it. But when he cracked the key and then sent an email to Page, posing as Brin, he got no response. Instead, he noticed a flurry of hits from Google IP addresses on his own web site, and two days later Google had changed the DKIM key to 2,048 bits.

After that, Harris started looking at other sites, and found that a host of other major names -- PayPal, eBay, Yahoo, Twitter, Amazon, Apple, Dell, LinkedIn, SBCGlobal, US Bank, HP, and HSBC -- were using DKIM keys ranging from 384 to 768 bits.

"[The 768-bit keys] are not factorable by a normal person like me with my resources alone. But the government of Iran probably could, or a large group with sufficient computing resources could pull it off," Harris said.
