Cryptography & Security Newsletter

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić.

If you begin to understand the world of consumer electronics, it’s inevitable that you will begin to feel animosity toward all connected devices you bring into your homes. After all, we’ve all heard that manufacturers don’t care about what’s decent, only about what makes them money. One type of device in particular, so-called smart TVs, are ubiquitous, and they’re spying on all of us.

A recent paper from Anselmi et al. looked at the surveillance practices as implemented in Samsung and LG TVs and explained the situation in some detail. It’s probably time that those of us who know—and now you do too—talk to our friends and literally everyone else, and help spread the word so that we can push back. So, what’s going on?

In a nutshell, the manufacturers of connected TVs are not content with making money only from selling their equipment to us. They also want to make money by spying on us so that they can sell that information to whomever is willing to buy it. And they’re spying on us by continuously monitoring what we’re watching and sending that information back to their servers, building a profile of our watching habits.

The researchers have discovered that automatic content recognition (ACR) tracking is active most of the time, even when TVs are used as “dumb” HDMI devices. In other words, the TV manufacturers are monitoring your private moments as well. There’s apparently no monitoring of streaming content in the UK, but there is in the US.

The only good news is that these TVs can seemingly be configured to disable ACR, provided the owners know this activity is taking place and are able to find the right settings. (I recently looked at the configuration of our TVs again, and understanding the various settings was far from easy.)

We can all agree that this situation is not acceptable, but is there an ethical smart TV manufacturer that guarantees no monitoring? And—even worse—given the state of software security and lack of scruples among governments, can we trust any legal entity to respect our privacy? Most certainly not.

In the meantime, I propose that we do the next best thing: talk to three of your friends and tell them about ACR, and ask them to commit to telling three of their friends in turn. We can at least increase the number of people who will disable this functionality. It’s not much, but it will do for now. If enough people start to care about their privacy, we may perhaps, in time, see the rise of privacy-friendly device manufacturers.

Short News

Here are some things that caught our attention since the previous newsletter:

• Smart TV manufacturers are not the only ones taking liberties: Kaspersky, after deciding to shut down its US business (because it’s a Russian business and the US government doesn’t like it much), sold its customers to UltraAV, uninstalled its antivirus product from its customers' computers, and installed UltraAV’s antivirus software instead.
• Following its CEO’s arrest in France, Telegram updated its privacy policy to state that IP addresses of phone numbers can be “shared with authorities in response to valid legal requests.”
• Discord adopted end-to-end encryption, although only for audio and video conversations. It also released the DAVE protocol whitepaper (the protocol is based on Messaging Layer Security) and the backing open-source libraries.
• Benjamin Harris and Aliz Hammond wrote a blog post for watchTowr Labs that described how they “hijacked” the WHOIS server for the .mobi top-level domain. Spoiler: They registered the domain name that had been in use a couple of years prior. It turns out that there were many clients out there that did not update their hardcoded server lists, including GlobalSign, a public CA. Guess what happened next. There is now a discussion in the CA/B Forum about retiring WHOIS as means of domain ownership validation.
• EUCLEAK is a practical side-channel attack against YubiKey 5 series and other devices that utilize secure hardware elements produced by Infineon Technologies. In the words of the researchers, this vulnerability went unnoticed for fourteen years and about eighty of the highest-level Common Criteria certification evaluations. The attack allows for the extraction of the secret ECDSA key stored in the device.
• In the European Union, Hungary is now pushing a controversial law on chat control. The latest strategy is to make monitoring by “artificial intelligence” optional, but the rest of the law (bulk monitoring of private conversations, including those with end-to-end encryption) remains.
• The EFF offered a blog post series about digital repression in Venezuela. Part one was about the surveillance and censorship following the presidential elections in July, but part two takes a wider view of the systems developed over a number of years to exert control over Venezuela’s citizens.
• Performance problems with OpenSSL 3.x continue. Improvements are being made slowly, but this new branch is apparently still much, much slower than 1.1.x.
• Neil Madden wrote about digital signatures and how to avoid them because they’re often too powerful. Soatok continued in the same vein by designing a type of digital signature algorithm that can only be verified by the intended recipient.
• Jameson Lopp maintains a list of known physical bitcoin attacks on GitHub.
• Following NIST’s official adoption of Kyber (as ML-KEM) in August, Google announced that Chrome 131 will add support for this new key exchange in Chrome 131.
• DigiCert is hosting a virtual World Quantum Readiness Day on September 26, 2024, with Peter Shor as one of the featured speakers.
• Microsoft added support for a variety of post-quantum algorithms to SymCrypt, the company’s main cryptographic library.
• The Security Cryptography Whatever podcast invited Matthew Green to talk about Telegram and its (lack of) cryptography.
• Australia’s Assistance and Access Act, passed in 2018, gives the government legal powers to break encryption. Now, the director of the Australian Security Intelligence Organisation (ASIO) is threatening to activate the law.
• Pursche et al. have published SoK: The Engineer’s Guide to Post-Quantum Cryptography for Embedded Devices online.
• Keyfactor released PQC Lab, a free thirty-day experimentation service that supports post-quantum PKI.
• Soatok writes about what it really means to be a Signal competitor.
• The NSA released a digital version of Grace Hopper’s lecture from 1982: “Future Possibilities: Data, Hardware, Software, and People.”
• In the US, the White House released its Roadmap to Enhance Internet Routing Security, which aims to help the ecosystem along toward better BGP security.
• In their paper SoK: An Introspective Analysis of RPKI Security, Danika Mirdita, Haya Schulmann, and Michael Waidner looked at the state of RPKI. The verdict? It’s come a long way, but there’s still a fair way to go to ensure security, resilience, and availability.
• IBM’s Semeru Java runtimes are now FIPS 140-3 certified.
• The next Real World Crypto Symposium will be held in March 2025, in Sofia, Bulgaria. The call for contributed talks is open.
• pyrtls is a new project that provides Python bindings for rustls, a modern, Rust-based TLS implementation.
• In early September, the Malaysian Communications and Multimedia Commission (MCMC) ordered Malaysian ISPs to forward their customers’ DNS queries to government-controlled servers, which block twenty-five thousand websites. Malaysia's communications minister, Fahmi Fadzil, reversed the decision only a day later.
• Cloudflare produced a detailed report about and analysis of global third-party network connection tampering.
• In the post titled “Better-Performing ‘25519’ Elliptic-Curve Cryptography,” Amazon engineers discuss their process and steps to significantly improve the performance of the x25519 and Ed25519 primitives.
• Alfred Menezes has published a cryptography course on Kyber and Dilithium. His other course, covering the basic cryptography building blocks, is currently in progress.
• ICANN's Security and Stability Advisory Committee (SSAC) published a report on DS (Delegation Signer) record automation, which is necessary for correct DNSSEC configuration. This is something that RFC 9615 (“Automatic DNSSEC Bootstrapping Using Authenticated Signals from the Zone's Operator”) was designed to address.