
Recently word has spread that the SHA-1 hashing algorithm is no longer secure. A comparatively cost-effective way has been found to create specific files with duplicate SHA-1 hash values. Gaetan Leurent and Thomas Peyrin's paper, From Collisions to Chosen-Prefix Collisions Application to Full SHA-1, has shown that a 'chosen-prefix' collision attack is possible. A 'chosen-prefix' attack allows an attacker to create two files with substantive data inside that collide, that is, have the same SHA-1 hash value. The authors estimate that a SHA-1 collision attack can be achieved for as little as $110,000. The paper states that, "... our results show that, for some hash functions, chosen-prefix collision attacks are much easier than previously expected, and potentially not much harder than a normal collision search."

A normal collision attack simply involves finding two different messages which have equal hash values. A chosen-prefix collision attack involves finding, for two different prefixes, appendages which, when each is added separately to its prefix, produce the same hash value. A preimage attack aims to create an input that has a specific hash value.

While it may still be used to identify duplicate files in electronic discovery, the SHA-1 algorithm has to be phased out of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols used for communication across networks, and out of PGP encryption. Leurent and Peyrin note that chosen-prefix collisions have been known to break digital certificates by imitating certificate authorities.


 
 
  • May 16, 2019

Beware of the security flaws of the PDF format. As detailed by Julia Wolf, a senior security researcher with FireEye, in her presentation OMG WTF PDF: PDF Ambiguity and Obfuscation, PDFs are often used in malware attacks. See the video here and the slides here. A PDF can contain a database scanner that gets activated when the file is printed. PDFs can also be manipulated to display different content in different PDF editors or different web browsers.

PDFs can be container files, which hold files in other formats. JavaScript, used to automate tasks in Acrobat, is not considered to be a secure scripting language. Most anti-virus software cannot pick up on malware embedded in PDFs.
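A reviewer can triage a PDF for the features described above before opening it. The following is an added example, not code from this post or from Wolf's presentation: it counts the PDF names that mark scripts, automatic actions and embedded files, and decodes the #xx hex escapes the PDF format allows in names. The function names and the sample bytes are constructed for illustration, and names hidden inside compressed streams are not seen because nothing is decompressed.

```python
import re
from collections import Counter

# PDF names that mark active or container content.
RISKY_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A name token: "/" followed by characters that are not whitespace or delimiters.
NAME_TOKEN = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes and note which ones were hex-escaped.

    Limitation: only the raw bytes are scanned, so names stored inside
    compressed object streams are missed.
    """
    counts, escaped = Counter(), Counter()
    for match in NAME_TOKEN.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in RISKY_NAMES:
            counts[name] += 1
            if b"#" in raw:  # a plain keyword search would not have matched this
                escaped[name] += 1
    return {"counts": dict(counts), "escaped": dict(escaped)}


# Constructed sample (not a real document): a catalog with an automatic action,
# a script action whose name is hex-escaped, and one embedded file stream.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R"
    b" /Names << /EmbeddedFiles 5 0 R >> >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (void 0;) >>\nendobj\n"
    b"6 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A non-empty "escaped" result is worth a closer look, since ordinary PDF producers have little reason to hex-escape these names.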


 
 

This past Sunday, The Wall Street Journal published an article discussing problems with the cyber security of medical devices. See, Evans, Melanie and Peter Loftus, "Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security", Wall Street Journal, May 12, 2019, available at https://www.wsj.com/articles/rattled-by-cyberattacks-hospitals-push-device-makers-to-improve-security-11557662400. The article referenced the results of a study by the Department of Health and Human Services, which shows there was a jump in data breaches in 2014. Before 2014, fewer than 1 million personal health records were breached each year. Since then, at least 4 million records have been breached annually.

The problem is serious enough that surgeries were cancelled due to the WannaCry and NotPetya cyberattacks.

Hospitals often insist on having information about the proprietary software used to run medical devices. The FDA recommends that manufacturers disclose the software used in medical devices to the hospitals that purchase them, and contracts are requiring disclosure as well as the ability to run penetration attacks.


 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco. He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.


© 2015 by Sean O'Shea . Proudly created with Wix.com
