SSL/TLS Suffers Bar Mitzvah Attack

  /     /     /  
Publicated : 22/11/2024   Category : security


SSL/TLS Suffers Bar Mitzvah Attack


Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.



SSL/TLS encryption once again is being haunted by an outdated and weak feature long past its prime:  a newly discovered attack exploits a weakness in the older, less secure RC4 encryption algorithm option in SSL/TLS thats still supported in many browsers and servers.
Itsik Mantin, director of security research with Imperva, at Black Hat Asia in Singapore today will detail how an attacker could sniff credentials and other information during an SSL session in an attack he named the Bar Mitzvah Attack after 13-year-old weaknesses in the algorithm it abuses. The attack is a glaring reminder that the RC4 algorithm, long known to be breakable, should be put to rest once and for all, according to Mantin.
Bar Mitzvah exploits the weak keys used by RC4 and allows an attacker to recover plain text from the encrypted information, potentially exposing account credentials, credit card data, or other sensitive information. And unlike previous SSL hacks, this one doesnt require an active man-in-the-middle session, just passive sniffing or eavesdropping on SSL/TLS-encrypted connections, Mantin says. But MITM could be used as well, though, for hijacking a session, he says.
Using a sniffer, the attacker can passively spy on the SSL sessions of a targeted organization, for instance, or an application. He then can ferret out the keys being used in the encrypted session of a user logging on to his Facebook account, or a ecommerce transaction. The attacker sees parts of the encrypted message that can be used to wage an attack, Mantin says. He can recover part of the random key stored in plain text … and recover parts of the plain text prior to its being encrypted, he says. When a weak key is used, part of the plain text can be recovered from the cipher text.
Its basically an algorithm problem, according to Mantin, who notes that most browsers still include support for RC4 and more than half of servers support it. He says some 30% of TLS sessions still use RC4, which for more than a decade has been superseded by the stronger AES algorithm.
Client machines and servers running SSL/TLS negotiate which algorithm to use for encrypted sessions, he explains. Today, many still have RC4 in this negotiation process, he says. RC4 in some cases gets selected for performance reasons, he says.
The result: if RC4 is an option and gets selected, an attacker can potentially wage the Bar Mitzvah Attack.
But dont panic: Mantin says its not an imminent threat per se, and fixing it merely requires removing the RC4 algorithm from the mix.
[Everything you need to know about today’s IT security challenges – but were afraid to ask. Register with Discount Code DRBLOG to save $100 for this special one-day event,
Dark Readings Cyber Security Crash Course at Interop on Wednesday, April 29
.]
This isnt the first attack demonstrating RC4s woes:  in 2013,
researchers Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt
, showed how RC4 is basically broken.  RC4 has been known to be weak for quite many years, says Mantin, who notes that the main difference with his attack and previous RC4 research is that his focuses on the use of the class of weak keys used by RC4.
He says while theres been a gradual trend to phase out RC4 altogether, the process has dragged on.
RC4s troubles have long been in the spotlight, he says, which is frustrating. This is very odd to me. These things were known in the crypto community for more than a decade, old vulnerabilities in RC4 and in some sense, (they) were ignored by the security industry, Mantin says. 
Outdated Features Add Risk
The Bar Mitzvah Attack is yet another in a series of vulnerabilities in SSL/TLS encryption exposed over the past year due to old, outdated options in the encryption implementation.
The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack
, for example, allowed an attacker to downgrade to the older, less secure SSL Version 3 encryption standard.
More recently, some SSL/TLS client and server implementations were found vulnerable to being forced to employ the weak, old-school 512-bit encryption option long abandoned as easily cracked. Some one-fourth of SSL-encrypted websites were found to be potentially vulnerable to the so-called
Factoring RSA Export Keys (FREAK) attack
, including FBI.gov and Whitehouse.gov. Microsoft Windows also was found vulnerable to FREAK, and since has been patched for the flaw.
Meanwhile, the Internet Engineering Task (IETF) is well aware of the problem of too many options in the crypto standards, so the
new version of TLS currently under development, TLS 1.3, trims the fat in the specification
, eliminating older encryption algorithms and other outdated features.
Mantin has now published a white paper with technical details of the attack, available
here
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SSL/TLS Suffers Bar Mitzvah Attack