Disclaimer

The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Iagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.

See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.

Monday, March 07, 2016

Security Implications of Sharing Palettes · Quadro

Quadro - UI extension software that allows an iPhone or iPad to be used as a touchscreen extension for a Mac or Windows PC, with common commands mapped to touchscreen "pads" - allows the "palettes" of macro-pad-definitions to be shared.



It looks like a shared pad is visible to the entire web.



I hope not writeable...



I, and Quadro, really need to think about the security implications of such promiscuous sharing.



Obviously should not share any palette definitions that contain passwords, e.g. passwords to log into ... wifi nets, apps, etc.



Perhaps slightly less obvious, but should be apparent to anyone who thinks in the slightest about security and privacy: palette/pads that automatically save to particular folders, e.g. in email or  web browser, may themselves be security/privacy exposures:  the very NAME of the folder corresponding to a company-secret project may be a secret.   Or, similarly, the fact that an engineer is doing web.research on a particular topic may disclose new product directions.



Similarly, many companies dislike having employee email addresses unnecessarily exposed.  So palette/pad shortcuts that forward to particular email addresses are an exposure.



If you don't like thinking about company security, think about personal privacy. Imagine that the user is researching some deeply private and/or embarrassing medical condition.



---



Is this a real risk?   Well, the unique part of the URL that is provided for sharing seems to be no more than 5 ascii letters - and possibly less.  E.g. 5*8=40 bits of (in)security.  Quite likely to be brute forceable,



Q: does Quadro have an intrusion detection system, looking for bad guys probing all combinations of 5 ascii letters?



---



What happens if you have accidentally shared a palette with a password or other sensitive information?  



I cannot see any way to delete a shared palette from the Quadro company servers once it has been shared.



---



Wishlist:  allow a user to tag particular pads as being sensitive, unshareable.  And prevent any palettes holding such a tainted pad from being shared.



But the main wishlist would be to use much longer URLs, long enough to discourage brute force attacks.   Possibly with length selectable - short URLs for sharing of non-sensitive palettes, long URLs for sharing of sensitive palettes (at the cost of being much harder to type).



With the wsih after that being to do proper challenge/response,





---



How to cope with the insecurity of this palette sharing?



The only thing that I can really imagine is to try to be ver strict about

No comments: