BluezonerIdGenerator.createBluezonerId is predictable

[cuonglm]

BluezonerIdGenerator.createBluezonerId use java.utils.random.Random, with current time as seed.

The problem is that java.utils.random.Random will return identical result for the same seed, so one can enumerate all the past and future bluezoner IDs. Example:

$ cat BluezonerIdGenerator.java
import java.util.Random;

public class BluezonerIdGenerator {
    public static String createBluezonerId(int numberChar) {

        // Char random
        final String charRandom = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        final int charRandomLength = charRandom.length();

        // String
        StringBuilder bluezonerIdBuilder = new StringBuilder();

        // Random
        Random rand = new Random(1234567890);

        // for tao numberChar ki tu
        for (int i = 0;  i < numberChar; i++) {
            // Check
            long randomValue = Math.abs(rand.nextLong());

            // Index
            int index = (int) (randomValue % charRandomLength);

            // Create
            bluezonerIdBuilder.append(charRandom.substring(index, index + 1));
        }

        // Ret
        return bluezonerIdBuilder.toString();
    }

    public static void main (String args[]) {
        BluezonerIdGenerator idGen = new BluezonerIdGenerator();
        System.out.println(idGen.createBluezonerId(6));
    }
}

Compile and run:

cuonglm at Cuongs-MBP in ~
$ javac BluezonerIdGenerator.java

cuonglm at Cuongs-MBP in ~
$ java BluezonerIdGenerator
NqaE2l

cuonglm at Cuongs-MBP in ~
$ java BluezonerIdGenerator
NqaE2l

Run the same program on another machine give the same result.

[khanhcoc1210]

BluezonerIdGenerator.createBluezonerId use java.utils.random.Random, with current time as seed.

The problem is that java.utils.random.Random will return identical result for the same seed, so one can enumerate all the past and future bluezoner IDs. Example:

$ cat BluezonerIdGenerator.java
import java.util.Random;

public class BluezonerIdGenerator {
    public static String createBluezonerId(int numberChar) {

        // Char random
        final String charRandom = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
        final int charRandomLength = charRandom.length();

        // String
        StringBuilder bluezonerIdBuilder = new StringBuilder();

        // Random
        Random rand = new Random(1234567890);

        // for tao numberChar ki tu
        for (int i = 0;  i < numberChar; i++) {
            // Check
            long randomValue = Math.abs(rand.nextLong());

            // Index
            int index = (int) (randomValue % charRandomLength);

            // Create
            bluezonerIdBuilder.append(charRandom.substring(index, index + 1));
        }

        // Ret
        return bluezonerIdBuilder.toString();
    }

    public static void main (String args[]) {
        BluezonerIdGenerator idGen = new BluezonerIdGenerator();
        System.out.println(idGen.createBluezonerId(6));
    }
}

Compile and run:

cuonglm at Cuongs-MBP in ~
$ javac BluezonerIdGenerator.java

cuonglm at Cuongs-MBP in ~
$ java BluezonerIdGenerator
NqaE2l

cuonglm at Cuongs-MBP in ~
$ java BluezonerIdGenerator
NqaE2l

Run the same program on another machine give the same result.

In project // Random Random rand = new Random(System.currentTimeMillis());

Maybe, same seed with milliseconds.

[cuonglm]

@khanhcoc1210 can you elaborate what do you mean?

[khanhcoc1210]

@khanhcoc1210 can you elaborate what do you mean?

It is too hard to have 2 duplicated ID when using System.currentTimeMillis().

[cuonglm]

@khanhcoc1210 can you elaborate what do you mean?

It is too hard to have 2 duplicated ID when using System.currentTimeMillis().

My point is not about duplicated IDs, but about predictable. One DOS attack scennario:

• Use a for loop to generate all future IDs, start from now.
• Register all theses IDs to server.

Now legal users want to use app can not register anymore, because of duplicated IDs.

PS: also, it's not hard to have 2 duplicated IDs even your precision is milliseconds.

[khanhcoc1210]

@khanhcoc1210 can you elaborate what do you mean?

It is too hard to have 2 duplicated ID when using System.currentTimeMillis().

My point is not about duplicated IDs, but about predictable. One DOS attack scennario:

• Use a for loop to generate all future IDs, start from now.
• Register all theses IDs to server.

Now legal users want to use app can not register anymore, because of duplicated IDs.

I understood. :D

[thaidn]

You should switch to SecureRandom. It's a 3-line change. I can send a PR if you want me to.

[htruong]

Generating a random number from currentMillis() is a bad way to generate a random ID.

Also, it allows anyone who knows your ID to deduce your installation time by brute-forcing by searching all possible seeds. This is (theoretically) problematic when the government wants to know when you installed the app.

[khanguy00]

I'm not a security expert, but I know most of applications use UUID nowadays. And even if we want to limit the length, we could do like this:

String randomUUID = UUID.randomUUID().toString();
String id = randomUUID.substring(randomUUID.length - charLength, randomUUID.length);

Note: UUID.randomUUID() uses SecureRandom, btw.

[thaidn]

FYI: somebody filed a CVE for this bug https://nvd.nist.gov/vuln/detail/CVE-2020-12270.

[thaidn]

It looks like this has been fixed.

Since early May, Bluezone has started using rolling IDs, generated with an algorithm not unlike DP3T's.

[thaidn]

Since early May, Bluezone has started using rolling IDs, generated with an algorithm not unlike DP3T's.

I discovered this by reverse engineering the latest Android version on Google Play Store. I'm not sure about iOS.