This post refers specifically to one Chinese manufacturer of security keys, and to Google’s endorsement of and collaboration with it. Use of trusted security keys to protect online accounts remains advisable for all users, particularly those whose work is or may become politically sensitive.
Following recent calls for transparency regarding secret preparations to return to China with a censored search engine, Google is now facing more demands for clarity over the safety of a new security feature. The two stories share a common root in the apparently Chinese state-sponsored hack in 2009 that compromised both internal corporate systems and politically sensitive user accounts.
On one hand, the 2009 incident tipped the balance within Google between proponents of accommodation and rejection of Chinese demands for censorship, leading to the company’s effective withdrawal from the country the following January. On the other, the attack helped spur Google to become a vigorous proponent of anti-phishing and other security technologies. Its Authenticator app, introduced in September 2010, reinforced account passwords with temporary numerical codes, providing greater security than either passwords alone or widely used but easily compromised SMS codes. With app-generated codes now also potentially vulnerable at least to highly targeted attacks, the company has been promoting the use of hardware security keys, which automatically verify websites’ authenticity before confirming the user’s identity. (The keys also work with other popular sites and services such as Facebook, Twitter, and Dropbox.) Google claims that none of its 85,000 employees has suffered an account breach since it mandated internal use of these devices in early 2017. Later that year, it introduced the Advanced Protection Program for especially vulnerable users such as journalists and activists whose accounts can be tightly locked down to allow access only using hardware security keys.
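The difference the paragraph above draws between app-generated codes and hardware security keys comes down to origin binding: a one-time code says nothing about which website the user typed it into, whereas a FIDO U2F assertion is signed over data in which the browser itself records the page origin. The following simulation, written for this post and not taken from Google, Feitian, Yubico or the article, models both checks offline. The origins, the challenge and the per-site key are constructed values; the TOTP secret is the RFC 6238 test secret; and an HMAC stands in for the authenticator's ECDSA key pair, which simplifies the code without changing the origin-binding logic it demonstrates.

```python
"""Constructed, offline model: why a relayed one-time code passes the
server's check while a relayed U2F-style assertion does not."""
import hashlib
import hmac
import json
import struct

LEGIT_ORIGIN = "https://accounts.example.com"        # constructed relying party
PHISH_ORIGIN = "https://accounts-example.com.evil"   # constructed look-alike site
TOTP_SECRET = b"12345678901234567890"                # RFC 6238 test secret
U2F_KEY = b"constructed-per-site-authenticator-key"  # stands in for an ECDSA key pair
CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"           # constructed server nonce


# --- TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits) ----------------------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def rp_verify_totp(code: str, unix_time: int) -> bool:
    # The code carries no information about where the user typed it.
    return hmac.compare_digest(totp(TOTP_SECRET, unix_time), code)


def totp_relay_succeeds(unix_time: int = 59) -> bool:
    # The user reads the code from the app and types it into the look-alike
    # site, which forwards it unchanged inside the 30 s window.
    code_typed_at_lookalike = totp(TOTP_SECRET, unix_time)
    return rp_verify_totp(code_typed_at_lookalike, unix_time)


# --- U2F-style assertion, bound to the browser-reported origin ------------
def authenticator_sign(app_id: str, client_data: bytes, counter: int) -> bytes:
    # U2F signs SHA256(appId) || user-presence byte || counter || SHA256(clientData).
    app_param = hashlib.sha256(app_id.encode()).digest()
    challenge_param = hashlib.sha256(client_data).digest()
    to_sign = app_param + b"\x01" + struct.pack(">I", counter) + challenge_param
    return hmac.new(U2F_KEY, to_sign, hashlib.sha256).digest()


def browser_get_assertion(page_origin: str, challenge: str, counter: int):
    # The browser, not the page, writes the origin into clientData, and it
    # only lets a page use an appId that matches the page's own origin.
    app_id = page_origin
    client_data = json.dumps(
        {"typ": "navigator.id.getAssertion", "challenge": challenge,
         "origin": page_origin}, sort_keys=True).encode()
    return client_data, authenticator_sign(app_id, client_data, counter)


def rp_verify_u2f(client_data: bytes, signature: bytes, counter: int) -> bool:
    fields = json.loads(client_data)
    # Reject assertions whose clientData names any origin but our own.
    if fields.get("origin") != LEGIT_ORIGIN or fields.get("challenge") != CHALLENGE:
        return False
    expected = authenticator_sign(LEGIT_ORIGIN, client_data, counter)
    return hmac.compare_digest(expected, signature)


def u2f_legit_succeeds() -> bool:
    client_data, sig = browser_get_assertion(LEGIT_ORIGIN, CHALLENGE, 7)
    return rp_verify_u2f(client_data, sig, 7)


def u2f_relay_succeeds() -> bool:
    # The look-alike forwards the real challenge to the user's browser and
    # relays the resulting assertion; clientData names the wrong origin.
    client_data, sig = browser_get_assertion(PHISH_ORIGIN, CHALLENGE, 8)
    return rp_verify_u2f(client_data, sig, 8)


def u2f_rewritten_origin_succeeds() -> bool:
    # Editing clientData to claim the legitimate origin breaks the signature,
    # which covers SHA256(clientData) and the hashed appId.
    client_data, sig = browser_get_assertion(PHISH_ORIGIN, CHALLENGE, 9)
    forged = client_data.replace(PHISH_ORIGIN.encode(), LEGIT_ORIGIN.encode())
    return rp_verify_u2f(forged, sig, 9)


if __name__ == "__main__":
    print("relayed TOTP code accepted:             ", totp_relay_succeeds())
    print("assertion from real origin accepted:    ", u2f_legit_succeeds())
    print("assertion relayed from look-alike:      ", u2f_relay_succeeds())
    print("assertion with rewritten origin:        ", u2f_rewritten_origin_succeeds())
```

Run the file directly to see all four verdicts. The real protocol additionally checks that the counter strictly increases across assertions, which is how a server notices a cloned key; that check is omitted here to keep the origin-binding comparison in focus.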
Eyebrows have been raised, however, at Google’s recommendation of keys manufactured by Feitian—not just a Chinese company but, as Matthew Robertson recently described at China Change, one with particularly deep military and official ties:
It is unclear how feasible it may be for Chinese intelligence and military actors to install a backdoor in or otherwise compromise the hardware. But if the hardware manufacturer is mobbed up with one of the most sophisticated offensive cyber actors in the world, the “world’s worst abuser of internet freedom” according to Freedom House, and a country where a private company can never say no to government demand, the question arises: Can it be safe?
[…] It goes without saying that almost everything we have documented above is simply part and parcel of Chinese companies doing business in China — in particular in a sensitive sector like information and network security, and especially when doing large business with state banks. When the PLA invites your company to join in the “earnest celebration” of its anniversary, present gifts, and join its industrial “alliance,” you don’t respectfully decline.
The same would obtain if the company were ever approached by military or civilian intelligence and instructed to install backdoors in its security fobs, according to Tom Uren, a visiting fellow in the International Cyber Policy Centre at the Australian Strategic Policy Institute.
“Companies in China aren’t able to refuse to engage in intelligence activities. This is laid out very clearly in Article 7 of China’s new 2017 National Intelligence Law,” Uren wrote in an email. [Source]
Last week, Google began selling its own sets of keys, but these too are manufactured by Feitian, albeit with some apparently new modifications. The launch has fueled closer scrutiny of the keys’ supply chain, as Martin Peers and Sarah Kuranda report at The Information:
Adam Meyers, vice president of intelligence at security firm Crowdstrike, said making the hardware in China could open the door for supply chain attacks on Google and its users. Supply chain attacks involve hackers exploiting weaknesses at an outside firm that deals with a major company, instead of the company itself. “Broadly speaking, anytime that a foreign government or a foreign company is involved in production in any equipment, security or otherwise, there is a supply chain concern,” Mr. Meyers said. “The supply chain is becoming a real concern and [attacks] are popping up every day now.” [Source]
Motherboard’s Joseph Cox highlighted Google’s claim that production of the keys’ core components outside China makes them resistant to supply chain sabotage:
Google emphasised to Motherboard how the firmware improves the security of its Titan keys. As Jennifer Lin, Google’s director of product management, GCP security and privacy wrote in a blog post in July, the keys include firmware developed by the company to verify its integrity, and make sure it hasn’t been tampered with. This, Google told Motherboard, is what the company believes Titan keys offer over the rest of the market. Google builds the firmware into a chip in a trusted environment, and then ships that off to the producer, the company said. This firmware also means you don’t necessarily have to trust the manufacturer, Google believes.
“The secure element hardware chip that we use is designed to resist physical attacks aimed at extracting firmware and secret key material,” Google’s Christiaan Brand, product manager for Google Cloud, wrote in Thursday’s blog post. “These permanently-sealed secure element hardware chips are then delivered to the manufacturing line which makes the physical security key device. Thus, the trust in Titan Security Key is anchored in the sealed chip as opposed to any other later step which takes place during device manufacturing,” he added.
This isn’t enough for some experts, though. [Source]
It is unclear what this means for the thousands of Feitian-branded devices Google has previously distributed to activists and other potential targets.
On Twitter, Facebook’s former Chief Information Security Officer Alex Stamos raised a possible lesson from the Snowden revelations: that although attackers might successfully compromise a particular key if they knew it was bound for a specific target—an easily avoided scenario—a universal backdoor maliciously inserted into all keys at Chinese authorities’ instructions should be less of a threat. Nevertheless, he added, it might be more prudent to choose an alternative product.
I think I can believe two things:
1) People throw around "that is made in China" as shorthand for "it is definitely backdoored" with no evidence or consideration for compensating controls.
2) I'm not recommending the Google keys.
— Alex Stamos (@alexstamos) August 30, 2018
The best documentation for "nation state"* backdooring is the Snowden docs, which showed that a universal bugdoor (EC_DRBG) failed but that targeted backdoors in CISCO hardware succeeded.
* I put that in to bug you.
— Alex Stamos (@alexstamos) August 30, 2018
Which implies that ordering hardware from overseas in an easily traceable manner is dangerous, since the risk of discovery to the adversary is low and the value of a custom backdoor is high.
— Alex Stamos (@alexstamos) August 30, 2018
That would lean towards buying a generic product from Amazon, which presumably comes from a huge stack at their warehouse and isn't drop-shipped from Shenzhen to "High Value Target, USA" low-risk.
Yet…
— Alex Stamos (@alexstamos) August 30, 2018
The cost difference between Feitian and Yubico is minimal, considering that you are buying a device upon which you bootstrap ALL OF YOUR PERSONAL SECURITY, and since FIDO means direct communication between untrusted websites and this embedded controller, I'm sticking with Yubico.
— Alex Stamos (@alexstamos) August 30, 2018
The manufacturer of Stamos’ chosen alternative alluded to supply chain security issues in a blog post in July, and explained why it does not sell the Bluetooth keys currently required to use the Advanced Protection Program with Apple’s iOS devices.
Yubico strongly believes there are security and privacy benefits for our customers by manufacturing and programming our products in the USA and Sweden.
Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability. BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience. [Source]
It remains both possible and advisable to protect accounts with trusted security keys while also using them with currently incompatible iOS devices: a code generator app such as Google Authenticator can be retained as a backup and for use with unsupported systems. This sacrifices some of the Advanced Protection Program’s security, but may reduce supply chain hazards, a trade-off that each user should consider for themselves.