Attacks/Breaches
8/5/2013
11:47 AM

HTTPS Hackable In 30 Seconds: DHS Alert

Department of Homeland Security urges all website operators to review whether they're vulnerable to new crypto attack. No easy fix exists.

Security experts are warning website operators to test whether their HTTPS traffic is vulnerable to a new crypto attack that can be used to grab sensitive information.

The so-called BREACH attack -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- was detailed in a Department of Homeland Security (DHS) "BREACH vulnerability in compressed HTTPS" advisory, issued Friday, which warned that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream." All versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.

Full details of the vulnerability were first unveiled Thursday at the Black Hat conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck. Their man-in-the-middle HTTPS crypto attack involves watching "the size of the cipher text received by the browser while triggering a number of strategically crafted requests to a target site," according to exploit details provided by Prado to DHS. "To recover a particular secret in an HTTPS response body, the attacker guesses character by character, sending a pair of requests for each guess. The correct guess will result in a smaller HTTPS response," he said.

With repetition, an attacker can guess the exact secret. "In practice, we have been able to recover CSRF tokens with fewer than 4,000 requests," said Prado. "A browser like Google Chrome or Internet Explorer is able to issue this number of requests in under 30 seconds, including callbacks to the attacker command and control center."

Prado told Dark Reading that the group's research builds on the Compression Ratio Info-leak Made Easy (CRIME) exploit discovered last fall by security researchers Juliano Rizzo and Thai Duong, who had previously discovered the Browser Exploit Against SSL/TLS (BEAST) attack. The new attack could be used to surreptitiously retrieve user IDs, email addresses, some types of authentication tokens, password-reset links and more from sites secured using HTTPS.

Prado and his fellow researchers have promised to release a related tool to allow businesses to test whether their sites are susceptible to a BREACH-style attack.

Their attack is the latest exploit that demonstrates that so-called secure HTML pages aren't always fully secure. "When you're designing security protocols, you can implement cryptography properly, but you cannot always provide perfect confidentiality," said Prado. "When you mix a lot of protocols into the stack, there might be other layers in the stack that might be overly permissive, and then you might be able to compromise the entire trust relationship."

On the upside, the vulnerabilities outlined by the trio would need to be targeted on a site-by-site basis. For any compromised site, visitors would then be at risk of having their secret details compromised.

But Prado said that numerous sites are at risk, and that crafting a related HTTPS fix would likely be "nontrivial." Still, the DHS advisory details mitigation strategies that businesses can employ, which include disabling HTTP compression such as gzip, as well as randomizing the secrets being transmitted in any particular request.
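Both mitigations named in the advisory can be checked offline by measuring response sizes, since TLS ciphertext length tracks the length of the compressed body. The following is an added example, not code from the researchers or the DHS advisory; the sample token, the page template in `render`, and the XOR-pad masking scheme (one possible way to randomize a secret per response) are assumptions made for illustration.

```python
import base64
import os
import zlib

TOKEN = "9f3ac27be41d08a6"   # constructed sample CSRF token
RIGHT = TOKEN                # reflected input that equals the secret
WRONG = TOKEN[::-1]          # same length and characters, no shared substrings


def render(reflected: str, token_field: str) -> bytes:
    """Constructed page: echoes request input and embeds a token in the body."""
    return (
        f"<html><p>Results for: {reflected}</p>"
        f"<input type='hidden' name='csrf' value='{token_field}'></html>"
    ).encode()


def mask_token(token: str) -> str:
    """Fresh random pad per response; send base64(pad || pad XOR token)."""
    raw = token.encode()
    pad = os.urandom(len(raw))
    return base64.b64encode(pad + bytes(p ^ t for p, t in zip(pad, raw))).decode()


def unmask_token(field: str) -> str:
    """Server-side inverse of mask_token, applied before comparing tokens."""
    blob = base64.b64decode(field)
    pad, masked = blob[: len(blob) // 2], blob[len(blob) // 2 :]
    return bytes(p ^ m for p, m in zip(pad, masked)).decode()


def length_gap(token_field: str, compress: bool = True) -> int:
    """Bytes sent for a non-matching reflection minus bytes for a matching one."""
    def size(reflected: str) -> int:
        body = render(reflected, token_field)
        # zlib uses the same DEFLATE algorithm as HTTP gzip compression
        return len(zlib.compress(body, 9)) if compress else len(body)
    return size(WRONG) - size(RIGHT)


def audit() -> dict:
    """Length signal under each configuration; a large gap means a size oracle."""
    return {
        "static_token_gzip": length_gap(TOKEN),
        "static_token_no_compression": length_gap(TOKEN, compress=False),
        "masked_token_gzip": length_gap(mask_token(TOKEN)),
    }


if __name__ == "__main__":
    for name, gap in audit().items():
        print(f"{name}: {gap:+d} bytes")
```

A static token compressed next to reflected input shows a clear size gap; disabling compression or masking the token per response removes it, because the body no longer contains a repeatable copy of the secret for DEFLATE to deduplicate.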

"HTTPS remains a good method of transmitting data online, but it certainly isn't perfect," AppRiver security analyst Jon French told the British Computer Society. "Many researchers and hackers are constantly trying to find flaws within the HTTPS protocol precisely because so many people rely on it. As a result, while BREACH is the latest tool for intercepting HTTPS traffic, it's not the only one out there."

Still, the BREACH exploit vector carries caveats. "Researchers say that attackers must have access to passively monitor the target's Internet traffic," French said. "In most cases, monitoring would have to be done locally on the same network -- and that adds a layer of difficulty for hackers."

Comments
David F. Carr,
User Rank: Apprentice
8/6/2013 | 1:58:55 PM
re: HTTPS Hackable In 30 Seconds: DHS Alert
"locally on the same network" == sitting in the same coffee shop on the same wireless network? Not such a rare scenario