After CCC hacker Fluepke had already decrypted the secure memory of a Secunet connector, the CCC took on the “KoCoBox” from CGM. With success.
A CCC hacker team led by Fluepke has opened the secure memory of another special router for the medical telematics infrastructure (TI), this time the “KoCoBox” from Compugroup Medical (CGM). The CCC had previously analyzed and decrypted a connector from Secunet and parts of the operating system started in a virtual machine. In both cases, the hackers had to gain access to the file systems, which were secured using a smart card – the so-called device-specific security module card type connector (gSMC type K). They were thus able to prove that there is no hardware link between the connector hardware and the gSMC-K cards. The link and the fact that the security certificates of the cards will expire after five years was one of the reasons given to justify the connector replacement, which entails costs of 300 to 400 million euros.
As with the Secunet device, Fluepke documented the essential steps of the hack on Twitter:
In order to gain access to the data due to the lack of debugging interfaces on the CPU board (Congatec QM6XLC0) of the KoCoBox, Fluepke’s colleague Jaseg first had to desolder and read out the box’s eMMC memory.
In addition to two freely readable partitions, the resulting image also contained several file systems encrypted with Linux Unified Key Setup (LUKS) – a method for hard disk encryption common in Linux.
The encrypted file systems require a passphrase to unlock. Fluepke put the init script
mount-secstorageon the freely readable system partition of the KoCoBox on the right track. It is
gsmck-key-toolused to read a PIN to unlock the gSMC-K from a fixed offset of the eMMC memory.
PIN magic with crypto modules
The CCC ran the script in an
chrootenvironment and thus received the PIN.
pkcs11-tool -pin-magicThis in turn was used to obtain the passphrase needed to decrypt the LUKS partitions using the CGM-modified OpenSC command. OpenSC provides a set of libraries and utilities for using smart cards.
He could then
cryptsetuppass the passphrase to open the LUKS encrypted partitions and unlock the file systems. Additional PINs were found there for running the connector’s proprietary gSMC-K applications.
Thus, the CCC has unlocked the secure storage of the second of three connector manufacturers; Fluepke also called on the third party, the RISE company, to provide a connector.
Gematik does not see specifications violated
This raises the question of whether Fluepke’s hacks violate the specifications of the connectors or the TI. Because in “Common Criteria Protection Profile 2: Requirements for the connector” it says, for example:
“The network connector has access to a security module (gSMC-K), which is securely connected to the network connector. In this case, secure means that the gSMC-K cannot be separated from the network connector unnoticed and that communication between the gSMC-K and network connector cannot be read or manipulated.”
Even if Fluepke was able to read the communication between the gSMC-K and the operating system, Gematik does not see this as a violation of the specification because the protection profile must be considered as a whole:
“In addition to the cited security goal for gSMC-K (OE.NK/AK.gSMC-K), there is also a security goal for the environment that the connector is operated protected against physical access (OE.NK/AK.phys_Schutz).”
According to Gematik, such “organizational measures” also contribute to protection. This prevents unauthorized persons from accessing the connector or even the gSMC-K and thus reading out or manipulating the communication between the connector and card. In the event of a “physical attack”, manipulated, stolen and decommissioned connectors would have to be blocked by the manufacturer and users would have to report such an attack. If the scenario works “according to the textbook”, the attack would not go unnoticed. As a reaction to this, the certificates of the gSMC-K would be blocked, according to Gematik.
Unnoticed data collection
Now, an attack rarely follows the textbook. If a hacker nevertheless manages to get hold of a connector unnoticed, the device’s communication could probably be manipulated or eavesdropped on, at least for a certain period of time. When asked, Gematik informed us that the technical operators of the TI are obliged to “take preventive measures to identify and analyze threats”. However, these would only take effect in the case of recognizable manipulations of the TI traffic. The communication of the hacked connector itself, on the other hand, could be eavesdropped on unnoticed. Even if only a limited amount of data can be collected in this way using a manipulated connector, there is still a residual risk.