Cher sang about manipulating it while Doctor Who dramatized it. This hacker went one better and did it. Here's how time got hacked.
During a 1961 address to the National Association of Manufacturers in New York City, John F. Kennedy said that "we must use time as a tool, not as a couch." Fast forward fifty years, and one hacker has demonstrated exactly how to do that: by hacking time.
What is time anyway?
What is time? That's not an easy question to answer definitively.
Just go and search for a definition, and you'll see what I mean. However, from the broader technological perspective, time depends on how we measure it: it is what those measurements tell us. So, what if those measurements, even ones from the most accurate atomic clock sources around the planet, could be manipulated?
Welcome to the world of hacking time. Welcome to the world of Adam Laurie, the lead hardware hacker with the veteran hacking team that is IBM X-Force Red. It's worth remembering at this point thathacking is not a crime, and this story serves well to illustrate the fact.
Distributing time, manipulating time
In the intro for hiskeynote presentation at Black Hat Europe, Laurie describes what he's talking about here is how the distribution of the consensus of what we consider the current time to be is secured. That is, the time as measured by those atomic clocks and distributed across the internet. "Is an 0day that skews time still an 0day or does it disappear up its own paradox?" Laurie pondered. Funny, sure, but there is a somber side to all this: everything from financial transactions and the blockchain to navigation, transportation and the communications protocols we use daily rely on that distributed time signal being appropriately synchronized. One report Laurie referred to in his presentation determined that if this time synchronization were to fail, then it would impact the economy to the tune of more than $1 billion a day.
Laurie explained in IBM's Security Intelligence blog how skewed time windows would cause transmissions to bump into each other and break the system. "Time is at the center of our most important activities," he said, "which is why I thought it would be interesting to see how an attacker could manipulate time."
And manipulate time he did. Here's how he hacked time.
Here's how time got hacked
Because that accurate measurement of time from the various atomic clocks has to be distributed to the systems using it to function correctly, Laurie looked at the transmission channels used. These include the Network Time Protocol (NTP), GPS and radio frequency signals. The system receiving these transmissions synchronizes time using them, and if one appears out of sync, it relies upon the consensus from the others. This is where things get interesting, and frankly, worrying. Those time signals are what Laurie calls a "one-way broadcast transmission" and an unvalidated one at that. So, what if a hacker were to spoof them?
Using a somewhat Heath-Robinson time signal device of his own making, involving a Raspberry Pi, radio frequency ID (RFID) antenna and some open-source software, Laurie was able to do just that. By overriding the low-frequency clock synchronization signal, he was able to reset time to whatever he wanted.
Sure, this was a hack of time signals using just one radio frequency transmission method. However, he has also spoken about the fragility of GPS in this regard. The overall point is that the time protocols we rely on are outdated and insecure. Things need to change, and hopefully, they are. A Request For Comments (RFC) standard called Network Time Security (NTS) that adds cryptographic security to the process on the client-side was published a year ago now.
The Internet Society RFC 8915 standard for securing time is moving forward
INTERNET SOCIETY
The not so good news is that it generally takes, well, a lot of time to get RFCs finalized and accepted as the internet standard. Work is also ongoing by the Resilient Navigation and Timing Foundation to improve GPS systems globally against jamming and spoofing attacks.
What does Doctor Who say?
The 10th Doctor Who once said he had a "timey-wimey detector" that "goes ding when there's stuff." Hopefully, there's a lot of dinging following the Laurie presentation, and some real-world urgency will be applied to the problem of hacking time. But I guess we will have to wait and see. One thing is for sure, it's ethical hackers like Laurie who are driving awareness of this issue forward, now it just needs the Time Lords at the Internet Society to tie up all the loose ends.
Post a Comment