‘Old attack on TLS still works at Facebook and other major sites’


Security researchers have determined that an attack from 1998 still works against sites that use TLS with RSA encryption. A third of the sites in Alexa's top 100 were affected, including Facebook and PayPal. The researchers found the sites with a scan tool they developed themselves.

The researchers present their findings on a dedicated site and in a paper. They have named the attack Robot, as it is a slightly modified version of the attack discovered by Daniel Bleichenbacher in the 1990s. He found that the SSL protocol, more precisely the PKCS #1 v1.5 standard it uses for RSA encryption, was vulnerable to a method in which the attacker repeatedly modifies an intercepted ciphertext, submits each variant to the server and, from the server's responses, can eventually decrypt the ciphertext without having the private key. The word 'oracle' in the attack's name refers to the fact that a vulnerable server always answered true or false, which is what made the attack possible. The researchers were able to slightly modify this attack and use it against TLS in combination with RSA encryption.

TLS is the successor to SSL and is used to secure an HTTPS connection. According to the researchers, their method allows an attacker to decrypt internet traffic between, for example, a user and a vulnerable server, provided that the attacker has intercepted the traffic and that the server only supports RSA key exchange. They consider it possible for an attacker to impersonate the server or to perform a man-in-the-middle attack, but that would be more challenging than decrypting internet traffic.

Several manufacturers of network equipment are vulnerable, including F5, Citrix and Radware. The researchers have published a full list on their site, which also includes some open source projects. In addition, using their own scan tool, which is publicly available, they determined that subdomains of 27 of Alexa's top 100 most popular sites were also vulnerable. Among the 1 million most popular sites they found a lower share, around 2.5 percent. Major affected sites included PayPal and Facebook; the researchers were able to sign a message with Facebook's private key.

In the paper, the authors discuss why such an old attack is still possible today. They write that after Bleichenbacher's discovery it was decided to add countermeasures to TLS but to keep the vulnerable encryption method. The result is a complex chapter on countermeasures in the TLS specification, and the researchers therefore call it 'not surprising that the work-arounds have not been implemented correctly'.
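To make the oracle described above and the countermeasure the specification asks for concrete, here is an added example; it is not code from the article or from the Robot researchers. It models the server-side step in which the oracle lives: unwrapping the RSA-encrypted premaster secret after the RSA operation. The RSA arithmetic itself is left out, the functions take the already-decrypted block, and a 1024-bit key (128-byte block) is assumed only to fix the block layout. The test vectors are constructed, not real handshake data.

```python
from typing import Optional
import secrets

# Added example, not code from the article or from the Robot researchers.
# A 1024-bit key is assumed purely to fix the size of the decrypted block.
MODULUS_LEN = 128               # assumed key size in bytes
PREMASTER_LEN = 48              # a TLS premaster secret is always 48 bytes
CLIENT_VERSION = b"\x03\x03"    # its first two bytes echo the client version


class BadPadding(Exception):
    """Raised by the leaky variant. To a network peer this becomes a distinct
    alert, reset or timing difference: the 'false' answer of the oracle."""


def split_pkcs1_v15(block: bytes) -> Optional[bytes]:
    """Parse EM = 0x00 || 0x02 || PS || 0x00 || M (PKCS #1 v1.5, block type 2).
    Returns M, or None if the block is not correctly formatted."""
    if len(block) != MODULUS_LEN or block[0] != 0x00 or block[1] != 0x02:
        return None
    sep = block.find(0x00, 2)      # first zero byte after the block-type byte
    if sep < 10:                   # no separator, or PS shorter than 8 bytes
        return None
    return block[sep + 1:]


def unwrap_leaky(block: bytes, client_version: bytes = CLIENT_VERSION) -> bytes:
    """Vulnerable pattern: every formatting problem aborts with an error that
    the client can tell apart from a successful unwrap."""
    m = split_pkcs1_v15(block)
    if m is None:
        raise BadPadding("padding error")
    if len(m) != PREMASTER_LEN:
        raise BadPadding("premaster length")
    if m[:2] != client_version:
        raise BadPadding("version mismatch")
    return m


def unwrap_hardened(block: bytes, client_version: bytes = CLIENT_VERSION,
                    rng=secrets.token_bytes) -> bytes:
    """Countermeasure pattern from RFC 5246 section 7.4.7.1: draw a random
    premaster first and keep it unless every check passes. A bad ciphertext
    then fails later at the Finished message, exactly like a wrong guess, so
    the server never answers 'false'. A production implementation must also
    keep the timing of both paths equal; this conditional only removes the
    error signal."""
    fallback = client_version + rng(PREMASTER_LEN - 2)
    m = split_pkcs1_v15(block)
    ok = m is not None and len(m) == PREMASTER_LEN and m[:2] == client_version
    return m if ok else fallback


def observe(unwrap, block: bytes) -> str:
    """What the peer can see: 'error' (distinct failure) or 'continue'."""
    try:
        unwrap(block)
        return "continue"
    except BadPadding:
        return "error"


# Constructed test vectors (not real handshake data).
_PS = bytes(range(1, MODULUS_LEN - PREMASTER_LEN - 2))     # 77 nonzero bytes
PREMASTER = CLIENT_VERSION + b"\x11" * (PREMASTER_LEN - 2)
GOOD_BLOCK = b"\x00\x02" + _PS + b"\x00" + PREMASTER
BAD_TYPE = b"\x00\x03" + GOOD_BLOCK[2:]                    # wrong block type
BAD_VERSION = b"\x00\x02" + _PS + b"\x00" + b"\x03\x01" + PREMASTER[2:]


def oracle_answers(unwrap) -> dict:
    """Run one unwrap variant over the three vectors and collect what leaks."""
    cases = [("good", GOOD_BLOCK), ("bad_type", BAD_TYPE), ("bad_version", BAD_VERSION)]
    return {name: observe(unwrap, blk) for name, blk in cases}


if __name__ == "__main__":
    print("leaky   ", oracle_answers(unwrap_leaky))
    print("hardened", oracle_answers(unwrap_hardened))
```

Run as a script, the leaky variant answers differently for the malformed blocks while the hardened one answers "continue" for all three; that uniform answer is the whole point of the countermeasure.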

At the top of the Robot site there is a tool with which vulnerable sites can be identified. The researchers warn that future variations of the attack could expose more vulnerable hosts. They recommend disabling RSA encryption for TLS completely, that is, the cipher suites whose names start with TLS_RSA. There is no need to update browsers or revoke certificates. RSA encryption has been given deprecated status in TLS 1.3.
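As an added example of applying that recommendation (not code from the article or from the Robot researchers), the following sorts IANA cipher-suite names by key exchange. It goes slightly beyond the article's rule of thumb by separating suites that RSA-encrypt the premaster secret (TLS_RSA_*, including the export and RSA_PSK forms), which the advice targets, from suites that use RSA only for signatures (TLS_DHE_RSA_*, TLS_ECDHE_RSA_*), which it does not. The sample list of offered suites is constructed.

```python
import re
from collections import Counter

# Added example, not code from the article or from the Robot researchers.
# Static RSA key exchange: the client RSA-encrypts the premaster secret.
# Matches TLS_RSA_WITH_*, the old TLS_RSA_EXPORT_* suites and RSA_PSK.
_STATIC_RSA = re.compile(r"^TLS_RSA(_EXPORT|_PSK)?_WITH_")
# (EC)DH(E) key exchange; an RSA certificate only signs here.
_DH = re.compile(r"^TLS_(ECDHE|DHE|ECDH|DH)_")
# TLS 1.3 suites name no key exchange at all; RSA encryption is gone there.
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def key_exchange(suite: str) -> str:
    """Classify one IANA cipher-suite name by how the key is established."""
    if _STATIC_RSA.match(suite):
        return "rsa-static"
    if _DH.match(suite):
        return "dh"
    if _TLS13.match(suite):
        return "tls13"
    return "other"


def affected(suites):
    """The suites to remove from a server configuration, sorted by name."""
    return sorted(s for s in suites if key_exchange(s) == "rsa-static")


def summary(suites) -> dict:
    """Count of offered suites per key-exchange class."""
    return dict(Counter(key_exchange(s) for s in suites))


# Constructed sample of what a server might currently offer.
SAMPLE = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # RSA signs only: keep
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",     # RSA signs only: keep
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for s in affected(SAMPLE):
        print("remove:", s)
    print(summary(SAMPLE))
```

In OpenSSL cipher-string syntax the same exclusion is written as `!kRSA`, which removes every suite whose key exchange is RSA encryption while leaving the ECDHE_RSA and DHE_RSA suites in place.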
