On PITAs, Androids, and Expecting the Unexpected

Endpoints are inherently vulnerable. End users download malware and open suspect attachments all the time. Furthermore, attackers are getting more sophisticated, and even those of us who are very security-aware are sometimes fooled. And this is before we talk about infected networks, drive-by malware downloads, zero-days and the like. Corporate devices hold business data, and where that data is protected, these devices often also hold the private keys used for strong authentication, VPN access, data encryption and more. Once these keys are stolen, attackers have a foot in the network, and we all know what happens next.

In enterprise environments, it is sometimes thought that locking down the user’s machine (where possible) will prevent such attacks. However, this is rarely the case. Two more reminders of this fact were published this week. The PITA attack demonstrates a side-channel attack that can be carried out against endpoints and can steal secret keys very efficiently. Although the attack is quite hard to carry out in practice, it is a proof of concept that side-channel attacks are a threat to endpoints as well.

Then TrendMicro published a vulnerability in Android devices that allows attackers to expose the memory contents of devices.

Neither of these two attacks, neither PITA nor the ELF Android vulnerability discovered by TrendMicro, is a critical vulnerability. They are relatively hard to carry out. However, they exist, and they show us once again that end-user devices cannot be trusted to protect corporate secrets. A secret key stored on a mobile device or laptop is vulnerable and can be stolen. Secret keys need greater protection; this has been true for many years, but it is especially true in today’s adversarial environment. There is a strong need for solutions that enable users to work on corporate data without posing an organization-wide threat.

Powered by vHSM, Dyadic’s Endpoint Key Protection is the only lightweight software key protection solution that enables every endpoint device to have a virtual HSM, where private keys can be stored securely with a trust level comparable to dedicated secure hardware. Dyadic natively integrates with any existing two-factor authentication, FIDO-based advanced authentication, electronic signing applications and blockchain which rely on keys remaining secure.

Prof. Yehuda Lindell

Yehuda Lindell is a professor of Computer Science at Bar-Ilan University, and a cryptographer with expertise in secure multiparty computation (MPC) that forms the technological core of Unbound’s solutions. Yehuda served as the Chief Scientist of Unbound from its inception until February 2019, when he took over the role as CEO.
