March 29, 2019 (updated 11 Jul 2022 7:49am)

Aussie Security Firm Brute-Forces Kaspersky’s Encryption to Reveal ASUS Hack Targets

Let IDA, Hashcat, and eight 16GB NVIDIA GPUs be your friend...

By CBR Staff Writer

When ASUS’s live software update servers were hacked last year, an estimated million-plus computers were infected with a backdoor. But only some 600 were actually being targeted, Kaspersky Lab, which revealed the compromise, said this week.

It subsequently released a downloadable tool for users to see if one of their computers was among those targeted, but declined to unveil the MAC addresses themselves, concealing them in the tool and protecting them using a salted hash algorithm.

For some, the temptation was too strong. Aussie cybersecurity company Skylight Cyber (founded by Israeli duo Adi Ashkenazy and Shahar Zini) this week cheekily reverse-engineered the tool to work out which hashing scheme was being used, then brute-forced it to reveal (and publish) 583 of the MAC addresses, saying Kaspersky Lab’s approach “does not really serve” the security community.

The move, along with research by others in the community (Skylight Cyber was not alone in cracking the list, although it was the first to publish a plain-text version), reveals that the MAC addresses primarily belong to other large technology corporations like Intel, as well as ASUS itself, VMware, AMPAK and more.


ShadowHammer Attack: The MAC Addresses

Skylight Cyber said in a blog post, initially shared with the Hacker News and now publicly posted, that it used the reverse-engineering toolkit IDA, a custom-tweaked version of the Hashcat password-cracking tool and AWS’s p3.16xlarge instance (which carries eight of NVIDIA’s V100 Tesla 16GB GPUs: “say hello to my little friend”) to crack the hashes of 583 of the MAC addresses in less than an hour, in a “short but sweet” challenge.

As they wrote: “Kaspersky have released an online tool that allows you to check your MAC address against a DB of victim MAC addresses (which is hidden). Good on Kaspersky on one hand, but on the other hand, this is highly inefficient, and does not really serve the security community. So, we thought it would be a good idea to extract the list and make it public so that every security practitioner would be able to bulk compare them to known machines in their domain.”

For how they did it, see the blog. The MAC addresses are here.

As well as being an entertaining read, it’s a sharp reminder that easily available compute power makes brute-forcing even salted SHA256 hashes viable in a short period of time when the hashed values are drawn from a small space, as MAC addresses are. As for your average password? Forget it.
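Why a salted hash does not conceal a MAC address, shown as an added example that is not code from Kaspersky Lab or Skylight Cyber: the checker must carry the salt to work, and the set of possible inputs is small enough to enumerate. The salt, the hashing scheme and the sample addresses are constructed assumptions.

```python
import hashlib

# Assumed scheme for this demo: SHA-256 over salt + 12 lowercase hex digits.
# The salt and scheme are constructed, not taken from the Kaspersky tool.
SALT = b"constructed-demo-salt"
HEX = set("0123456789abcdef")

def hex_digits(text):
    """Strip separators (':', '-', '.') and lowercase what is left."""
    return "".join(c for c in text.lower() if c in HEX)

def salted_hash(digits):
    return hashlib.sha256(SALT + digits.encode()).hexdigest()

def build_hidden_list(macs):
    """Publisher side: ship only salted hashes of the target addresses."""
    return {salted_hash(hex_digits(m)) for m in macs}

def is_listed(mac, hidden):
    """Checker side: hash the user's address and look it up."""
    digits = hex_digits(mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return salted_hash(digits) in hidden

def recover(hidden, known_prefix, unknown_bytes):
    """Anyone holding the tool also holds the salt, so they can hash every
    address under a prefix and keep the ones that appear in the list."""
    prefix = hex_digits(known_prefix)
    width = 2 * unknown_bytes
    if len(prefix) + width != 12:
        raise ValueError("prefix plus unknown bytes must total 6 bytes")
    return [prefix + format(n, f"0{width}x")
            for n in range(256 ** unknown_bytes)
            if salted_hash(prefix + format(n, f"0{width}x")) in hidden]

if __name__ == "__main__":
    # Constructed sample addresses from the RFC 7042 documentation range.
    hidden = build_hidden_list(["00:00:5E:00:53:2A", "00-00-5e-00-53-c7"])
    print(is_listed("0000.5e00.532a", hidden))
    # Two unknown bytes keep the demo quick; a whole MAC address is only
    # 48 bits, so the full space is finite and enumerable.
    print(recover(hidden, "00:00:5e:00", 2))
```

For anyone publishing an indicator list in this form, the takeaway is that a salt distributed with the checker adds no secrecy; it only forces the hashes to be recomputed once.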
