The so-called BREACH attack -- short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext -- was detailed in a Department of Homeland Security (DHS) "BREACH vulnerability in compressed HTTPS" advisory, issued Friday, which warned that "a sophisticated attacker may be able to derive plaintext secrets from the ciphertext in an HTTPS stream." All versions of the transport layer security (TLS) and secure sockets layer (SSL) protocols are vulnerable.
Full details of the vulnerability were first unveiled Thursday at the Black Hat conference in Las Vegas by Salesforce.com lead product security engineer Angelo Prado, Square application security engineer Neal Harris, and Salesforce.com lead security engineer Yoel Gluck. Their man-in-the-middle HTTPS crypto attack involves watching "the size of the cipher text received by the browser while triggering a number of strategically crafted requests to a target site," according to exploit details provided by Prado to DHS. "To recover a particular secret in an HTTPS response body, the attacker guesses character by character, sending a pair of requests for each guess. The correct guess will result in a smaller HTTPS response," he said.
[ Read how Facebook just fixed a big security hole: How To Hack Facebook In 60 Seconds. ]
With repetition, an attacker can guess the exact secret. "In practice, we have been able to recover CSRF tokens with fewer than 4,000 requests," said Prado. "A browser like Google Chrome or Internet Explorer is able to issue this number of requests in under 30 seconds, including callbacks to the attacker command and control center."
Prado told Dark Reading that the group's research builds on the Compression Ratio Info-leak Made Easy (CRIME) exploit discovered last fall by security researchers Juliano Rizzo and Thai Duong, who had previously discovered the Browser Exploit Against SSL/TLS (BEAST) attack. The new attack could be used to surreptitiously retrieve user IDs, email addresses, some types of authentication tokens, password-reset links and more from sites secured using HTTPS.
Prado and his fellow researchers have promised to release a related tool to allow businesses to test whether their sites are susceptible to a BREACH-style attack.
Their attack is the latest exploit that demonstrates that so-called secure HTML pages aren't always fully secure. "When you're designing security protocols, you can implement cryptography properly, but you cannot always provide perfect confidentiality," said Prado. "When you mix a lot of protocols into the stack, there might be other layers in the stack that might be overly permissive, and then you might be able to compromise the entire trust relationship."
On the upside, the vulnerabilities outlined by the trio would need to be targeted on a site-by-site basis. For any compromised site, visitors would then be at risk of having their secret details compromised.
But Prado said that numerous sites are at risk, and that crafting a related HTTPS fix would likely be "nontrivial." Still, the DHS advisory details mitigation strategies that businesses can employ, which include disabling HTTP compression such as gzip, as well as randomizing the secrets being transmitted in any particular request.
"HTTPS remains a good method of transmitting data online, but it certainly isn't perfect," AppRiver security analyst Jon French told the British Computer Society. "'Many researchers and hackers are constantly trying to find flaws within the HTTPS protocol precisely because so many people rely on it. As a result, while BREACH is the latest tool for intercepting HTTPS traffic, it's not the only one out there."
Still, the BREACH exploit vector carries caveats. "Researchers say that attackers must have access to passively monitor the target's Internet traffic," French said. "In most cases, monitoring would have to be done locally on the same network -- and that adds a layer of difficulty for hackers."