Secure Attention Key

Posted Mar 29, 2012 1:14 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: GNOME 3.4 released by pboddie
Parent article: GNOME 3.4 released

The phrase you're groping for is 'Secure Attention Key' (in some older systems it was literally one key press). Linux has some rudimentary low-level support for this capability but it never seems to have ascended into an end user feature of any consequence. No application can trap the SAK combination because long before any code runs that lets userspace applications fiddle with the key presses, the kernel has noticed that the SAK has been pressed and short-circuited to a path that just handles this special case.

In Windows when you press the SAK it forcibly summons a separate desktop, which you can think of as being kind of like a separate X server process. This desktop is "owned" by the System user, roughly equivalent to Unix root, so anyone with permission to tamper with it could just have replaced the entire OS kernel or whatever they wanted.

On the system desktop lives the login dialog (when nobody is logged in), the lock dialog (when somebody is logged in, but their password is needed to resume their session) and that dialog which offers you choices like changing who is logged in or starting a task manager. Because they live in a separate desktop, ordinary programs can't tamper with them and are only just barely aware they exist.

Within a single desktop (or indeed an X session) ordinary programs can snoop all keypresses, silently take pictures of other windows, send fake keypress or mouse click events, initiate phony drag-and-drop operations, impersonate other programs (e.g. popping up a SSH passphrase dialog) and other nasty tricks. They cannot, however, prevent the SAK from summoning its secure desktop.

Secure Attention Key

Posted Mar 29, 2012 15:45 UTC (Thu) by cortana (subscriber, #24596) [Link] (6 responses)

To be fair, it's probably pretty trivial to bypass the SAK. Simply present the user with a notice that they must press Ctrl+Alt+Insert to unlock and/or log on to their computer. Most will just follow the instructions without a second thought!

Secure Attention Key

Posted Mar 29, 2012 17:31 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (5 responses)

But Windows would intercept it. If the user is already logged, in they get that menu that can start the task manager (I forget what else is there). The rogue application doesn't have a choice as to what Windows does with the combo (short of locking the session or logging out which would likely be fairly blatent behavior). It certainly can't snoop the keypresses on that alternate desktop (I would sincerely hope). So, since the rogue application never gets the password, I don't see how it's being bypassed.

Secure Attention Key

Posted Mar 29, 2012 17:47 UTC (Thu) by khim (subscriber, #9252) [Link] (4 responses)

You've just proved cortana's point. Note how he suggested to write Ctrl+Alt+Insert instead of Ctrl+Alt+Delete - and you've missed it. Sure, a lot of peoples will miss it, too, but since it's possible to detect Ctrl+Alt+Delete (VMWare does that), program should just close that window and wait for the next opportunity. Eventually user will actually read the text, will press the Ctrl+Alt+Insert and will give the password program is seeking.

Secure Attention Key

Posted Mar 30, 2012 1:13 UTC (Fri) by tialaramex (subscriber, #21167) [Link] (3 responses)

Mmm. Maybe. I think Microsoft's intention, and it has been somewhat successful, is to inculcate the Ctrl+Alt+Delete muscle memory into the wider user population beyond the group where it's actually in any way relevant to security (on a home machine where the main user and operator is also the only administrator, tricking the user with such a dialog is almost besides the points)

So you may find that in practice the story goes

User 1: "Oh, a message..." (doesn't read properly) Ctrl+Alt+Delete
User 2: "Oh, a message..." (doesn't read properly) Ctrl+Alt+Delete
User 3: Ctrl+Alt+Delete "Wait did that say... whatever, it worked"
User 4: "Oh, a message..." (doesn't read properly) Ctrl+Alt+Delete
User 5: "Ctrl+Alt+Insert? What's this? Hey, you, IT guy, why does this say Ctrl+Alt+Insert, don't you get tired of changing things for no reason?"
Administrator: "Mmm, infected PC. Wipe it and re-install"
[ Malware is no longer installed ]

Someone would have to do an experiment to check, but this wouldn't be the first time it turned out users are (in a sense) too dumb to fall for a clever trick.

Secure Attention Key

Posted Mar 30, 2012 1:41 UTC (Fri) by cortana (subscriber, #24596) [Link] (1 responses)

I think there will be ten users who fall for it for every one that raises a ticket with IT. I was less of a pessimist in this regard before I saw this video: http://www.thoughtcrime.org/software/sslstrip/. It's not directly related to the use of secure attention keys, but if users who care enough about their privacy to use tor don't notice that their URL bars say 'http' instead of 'https' then what hope does the average corporate user who just wants to log into their damn computer with a minimum of hassle to do their job?

Secure Attention Key

Posted Apr 15, 2012 16:12 UTC (Sun) by tialaramex (subscriber, #21167) [Link]

I'm familiar with the fact that users are oblivious to the URL scheme (other things real users don't pay any attention to, in a test where they're entering their own, real banking credentials include: those images that confirm the remote site knows who you are by acting as a shared secret, a warning icon in the URL bar, and a dialog saying that the connection is insecure)

I wasn't relying on users to notice that something is wrong so much as for them not to notice that anything has changed. The users I deal with don't _seem_ to read that message about pressing Ctrl-Alt-Del and you can't stop it working, so it seemed to me that if people just press it by reflex everything works out OK. Judging from the other reply though, I was wrong.

Secure Attention Key

Posted Mar 30, 2012 5:50 UTC (Fri) by khim (subscriber, #9252) [Link]

Someone would have to do an experiment to check, but this wouldn't be the first time it turned out users are (in a sense) too dumb to fall for a clever trick.

Experiment showed resounding success. Only instead of “press Ctrl+Alt+Insert” they used trojans with some nonsensical premise in text and “send SMS to XXX-XXX-XXXX” (paid number, obviously) ending. Apparently this business scheme is quite profitable.