SSL under threat as flaw exploited

News 22 Sep, 2011

Fears over the security credentials of SSL rise after researchers claim to have found a way to exploit a long-known vulnerability.

Researchers have found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could undermine the security credentials of the SSL cryptographic protocol and affect millions of sites.

The attack methodology, due to be presented by Juliano Rizzo and Thai Duong at the Ekoparty conference this week, targets TLS version 1.0 and SSL 3.0.

As millions use those protocols to protect certain web transactions, millions of sites could be affected. Major companies, including PayPal and Google, use TLS version 1.0.

Rizzo and Duong have created a tool called BEAST (Browser Exploit Against SSL/TLS) to attack the AES encryption algorithm used in TLS and SSL.

BEAST is able to grab and decrypt HTTPS cookies once installed on an end user’s browser. This can be achieved either through an iframe injection or by loading the BEAST JavaScript into the target’s browser, according to Kaspersky Lab’s Threatpost.

This means the attackers can hijack users’ sessions and get all the information they want.

“While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests,” Duong said.

“While fixing the authenticity vulnerabilities may require a new trust model, fixing the vulnerability that BEAST exploits may require a major change to the protocol itself. Actually we have worked with browser and SSL vendors since early May, and every single proposed fix is incompatible with some existing SSL applications.”

Google has reportedly prepared an update for its Chrome browser already to help counter the BEAST.

Carrying out the attack is not so simple, however. The hacker has to become the ‘man-in-the-middle’ to start with.

“It doesn’t mean that anyone can intercept your network traffic and obtain the real data behind it,” said Panda Security’s Luis Corrons.

“To be able to do that, first they need to gain access to your browser to inject some JavaScript that will do the work. And of course, if you already have gained access to the computer you can do that or install any kind of Trojan horse.”

Corrons suggested attackers could also set up a Wi-Fi hotspot to snare users.

“You can create the typical Wi-Fi hotspot, so when anyone connects to it they’ll get redirected to the usual welcome page that says thanks for using this service, keep this page open so you can use it for free, click here to start browsing… and that’s it,” he told IT Pro.

Other security professionals have shown their concern about BEAST and its implications for millions of websites.

Philip Hoyer, director of strategy solutions at ActivIdentity, called into question the use of SSL.

“To spell it out: transaction confidentiality based on the SSL TLS V1.0 protocol (the most used still today) is dead,” Hoyer said.

“The only true defense from fraudulent transactions is to sign the transaction or part of the transaction data so that the attacker cannot inject bogus material. This means effectively using a token with a pin pad (software on phone or dedicated hardware token) to enter transaction details or signing the transaction using a public key infrastructure certification.”

The development comes amid fears over hacker exploitation of SSL following hacks on certificate authorities (CAs).

Over 500 fake certificates were issued following a hack on CA DigiNotar, meaning anyone with those fake certificates could dupe end users into believing their internet transactions were being protected by SSL.

DigiNotar was declared bankrupt earlier this week.