ubuntu-website-content

ISO self-verification is insecure

Bug #1603801 reported by Thomas Mayer on 2016-07-17

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	ubuntu-website-content	New	Undecided	Unassigned

Bug Description

https://help.ubuntu.com/community/VerifyIsoHowto#While_booting states that users should verify a disk by booting from the disk and using binaries on disk for verification.

While I go along that this is sufficiant to check against random errors (transmission/storage), I think this would be a stupid way to check against a willingly compromised media.

Proof-of-concept:
IF an attacker (e.g. MITM, CD-Shop, download mirror etc.) can manipulate an ISO THEN he or she also can manipulate hashing tools like md5sum, shasum, sha256sum.

The hashing tool could e.g. always output the original hash of the ISO. Or, more sophisticated, do this only if the incoming file has known properties like a known file size. As a result, verification is passed although it should not pass for a compromised media.

There should at least be a warning on the web site, otherwise users feel in non-existent safety.

Thomas Mayer (thomas303) on 2016-08-29

information type:

Private Security → Public Security

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.