Some of the most popular websites and services online, including Facebook and PayPal, are vulnerable to an exploit that dates back to 1998 and has now resurfaced.
The security bug, called ROBOT, was first discovered almost two decades ago by Daniel Bleichenbacher.
PKCS #1 v1.5 padding error messages produced by Secure Sockets Layer (SSL) servers allow an adaptive chosen-ciphertext attack that "completely breaks the confidentiality of TLS when used with RSA encryption", according to researchers Hanno Böck and Juraj Somorovsky of Hackmanit GmbH and Ruhr-Universität Bochum, and Tripwire VERT's Craig Young.
The server implementation bug can be used to perform RSA decryption and signing operations with the server's private key, and so to decipher traffic.
"We discovered that by using slight variations this vulnerability can still be used against many HTTPS hosts on the Internet today," says the team.
The original attack was extended with additional signals that distinguish between error types, such as timeouts, connection resets, and duplicate TLS alerts.
This means that for sites vulnerable to ROBOT, attackers can record traffic for later decryption. Private keys are not recovered in the process, so certificates do not need to be revoked.
"For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange, the risk depends on how fast an attacker is able to perform the attack," the researchers say. "We believe that a server impersonation or a man in the middle attack is possible, but it is more challenging."
When the 19-year-old vulnerability was first discovered, TLS developers implemented countermeasures. However, these protections are extremely complex to implement, and it appears that, because of this complexity, they have often not been implemented correctly.
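The countermeasure the TLS specification prescribes is to make the server's behaviour independent of whether the decrypted padding was valid. The following added example (not from the article or the researchers' tool) contrasts a leaky unpadding routine, whose distinct alerts form the oracle, with one that substitutes a random premaster secret on any defect; real RSA is omitted, and KEY_LEN, CLIENT_VERSION and the block layout are assumed values.

```python
import os

# Constructed example: a TLS 1.2 server handling the RSA-decrypted
# ClientKeyExchange, with the RSA step itself omitted. `block` stands for the
# decrypted EM = 0x00 || 0x02 || PS (>= 8 non-zero bytes) || 0x00 || premaster.
KEY_LEN = 256                  # hypothetical 2048-bit RSA modulus, in bytes
PREMASTER_LEN = 48
CLIENT_VERSION = b"\x03\x03"   # version the client claimed in ClientHello

def make_block(premaster: bytes) -> bytes:
    """Build a well-formed PKCS#1 v1.5 type-2 block around a premaster secret."""
    ps_len = KEY_LEN - 3 - len(premaster)
    ps = bytes(b or 1 for b in os.urandom(ps_len))   # padding bytes must be non-zero
    return b"\x00\x02" + ps + b"\x00" + premaster

def leaky_unpad(block: bytes) -> bytes:
    """Vulnerable: every failure mode yields a different, observable response."""
    if block[:2] != b"\x00\x02":
        raise ValueError("bad_record_mac")        # alert 1: wrong header
    sep = block.find(b"\x00", 2)
    if sep < 10:
        raise ValueError("decrypt_error")         # alert 2: PS shorter than 8 bytes
    pms = block[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise ValueError("illegal_parameter")     # alert 3: bad premaster length
    if pms[:2] != CLIENT_VERSION:
        raise ValueError("protocol_version")      # alert 4: version mismatch
    return pms

def hardened_unpad(block: bytes) -> bytes:
    """RFC 5246 style: never signal a padding failure. Any defect silently swaps
    in a random premaster, so the handshake continues and fails only at Finished,
    identically for every kind of bad ciphertext. (Python cannot make this truly
    constant-time; what is shown is the uniform response, not the timing.)"""
    fallback = os.urandom(PREMASTER_LEN)
    sep = block.find(b"\x00", 2)
    pms = block[sep + 1:] if sep != -1 else b""
    ok = block[:2] == b"\x00\x02"       # no early exits: evaluate every check
    ok &= sep >= 10
    ok &= len(pms) == PREMASTER_LEN
    ok &= pms[:2] == CLIENT_VERSION
    return pms if ok else fallback

def server_response(unpad, block: bytes) -> str:
    """What a network observer sees: a specific alert, or a generic continuation."""
    try:
        unpad(block)
        return "continue"
    except ValueError as alert:
        return str(alert)
```

Feeding the same three malformed blocks to both routines shows the leaky server answering with three different alerts while the hardened server answers "continue" every time.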
"We used minor variations of the original attack and we were successful," the researchers say. "This problem was hidden in plain sight."
A research paper (.PDF) describing the return of the vulnerability has been published in the Cryptology ePrint Archive.
According to the team, 27 of the top 100 Alexa domains are vulnerable, along with at least seven vendors, including F5, Citrix and Cisco.
Facebook has patched its servers, and the available patches are listed below:
It is important to note that MatrixSSL and JSSE are old vulnerabilities, but because the team still detected vulnerable hosts, they have been included.
However, the team says that other vendors "have pending fixes", so they will not be named at this time.
The researchers have released an online test for public HTTPS servers, along with a Python tool to check hosts for the vulnerability.
"Most modern TLS connections use an Elliptic Curve Diffie-Hellman key exchange and need RSA only for signatures," the team says. "We believe that RSA encryption modes are so risky that the only safe course of action is to disable them. Apart from being risky, these modes also lack forward secrecy."