by Shannon Morse, Threatwire 

Last week, the contributors to GnuPG, the PGP Protocol, noticed that their SKS Keyserver Network was under attack by unknown assailants and publicized details about it on their GitHub. According to the post, certificate spamming attacks against two high-profile contributors to OpenPGP, Robert J Hansen and Daniel Kahn Gillmor, began in late June 2019. The attack exploits a known vulnerability in OpenPGP's protocol, which allowed the attackers to poison the OpenPGP certificates. Importing a poisoned certificate would break the OpenPGP installation in “hard to debug ways”. The post clarifies that poisoned certificates are already on the SKS keyserver network and that the attacks will probably continue. The contributors state that there is no time frame for a fix, either on the SKS keyserver network or via the OpenPGP Working Group. Future releases of OpenPGP may have a fix, but there’s no time frame for those either. So the only mitigation at the moment is to stop retrieving data from the SKS Keyserver network.

OpenPGP is a popular protocol used to encrypt email messages. Lots of folks, myself included, have used OpenPGP for encrypting messages so that only the known receiver can decrypt them. OpenPGP is built on top of Pretty Good Privacy, or PGP for short, which has been around for a long time. SKS, or Synchronizing Key Servers, helps with the distribution and discovery of public PGP digital certificates. These key servers help verify the sender and receiver, and further verification can be introduced by adding a signature to a certificate. GnuPG, which is a popular implementation of OpenPGP, uses that signature process to verify identities. Unfortunately, though, GnuPG has a known flaw where it cannot handle high numbers of signatures on a certificate, and if someone uses that flaw to spam a certificate with signatures, it breaks. This makes the validations useless in proving the identity of a sender or receiver of encrypted mail. Other platforms use PGP too, such as Linux OS updates, so if you’re targeted in the attack, you wouldn’t be able to update your machine.
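As an added example (not from the original post, and not GnuPG's own code), here is a pre-import check that walks the packet headers of a binary OpenPGP certificate as laid out in RFC 4880 and counts its signature packets, so a certificate flooded with signatures can be rejected before it reaches the keyring. The `MAX_SIGNATURES` threshold, the function names and the sample bytes are assumptions constructed for illustration.

```python
SIGNATURE = 2  # signature packet tag, RFC 4880 section 4.3
MAX_SIGNATURES = 1000  # assumed local policy threshold, not a GnuPG constant

def _new_length(data, pos):
    """Decode one new-format length header: (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial-body chunk

def iter_packets(data):
    """Yield (tag, body_length) per packet; reads headers, skips bodies."""
    pos = 0
    try:
        while pos < len(data):
            header = data[pos]
            if not header & 0x80:
                raise ValueError(f"not an OpenPGP packet at offset {pos}")
            pos += 1
            if header & 0x40:  # new-format header
                tag, total, partial = header & 0x3F, 0, True
                while partial:
                    length, pos, partial = _new_length(data, pos)
                    total, pos = total + length, pos + length
            else:  # old-format header; length type 3 runs to end of input
                tag, size = (header >> 2) & 0x0F, (1, 2, 4, 0)[header & 0x03]
                total = int.from_bytes(data[pos:pos + size], "big") if size else len(data) - pos
                pos += size + total
            if pos > len(data):
                raise ValueError("truncated packet")
            yield tag, total
    except IndexError:
        raise ValueError("truncated packet header") from None

def signature_count(data):
    """Count signature packets in a binary (non-armored) certificate."""
    return sum(tag == SIGNATURE for tag, _ in iter_packets(data))

def exceeds_limit(data, limit=MAX_SIGNATURES):
    return signature_count(data) > limit

# Constructed sample bytes: dummy key, User ID and signature bodies.
KEY_AND_UID = b"\x99\x00\x04KEY!" + b"\xcd\x05alice"
SAMPLE_CLEAN = KEY_AND_UID + b"\x89\x00\x03sig" * 3
SAMPLE_FLOODED = KEY_AND_UID + b"\x89\x00\x03sig" * 5000
```

The check reads only packet headers, so its cost grows with the number of packets rather than with any signature verification work.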

It’s a messy, messy problem, and it’s a problem that’s been known about for at least a decade, according to Hansen. With that said, if a sender is using PGP without relying on the SKS keyserver network and signatures, then they’re fine. The feature in question here is broken, and the community that works on it doesn’t have a good way to fix it. The keyserver network is also decentralized, so there’s no one point of failure that could be fixed. This means the software is not maintained, nor would it be viable to fix. So are you screwed? Yeah, kinda. But I will keep an eye on this to see if anything does come to fruition.

https://threatpost.com/pgp-ecosystem-targeted-in-poisoning-attacks/146240/

https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem

https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html
