BEAST Emerges: Browser Exploit Against SSL/TLS

Monday, September 26, 2011



Editors Note: The source for this article identified the exploit as being against "SSL/TSL" as opposed to "SSL/TLS" - we corrected the error for this coverage. Hat tip to Jamie Adams for spotting the error.

Two security researchers have discovered an exploit that takes advantage of a long standing vulnerability in the most widely used encryption protocols which could potentially expose sensitive data transfers on millions of websites.

The exploit was dubbed "BEAST". which stands for "Browser Exploit Against SSL/TLS Emerges", and is being debuted at the Ekoparty security conference in Buenos Aires, Argentina.

The exploit, if employed by criminal hackers, could leave highly sensitive financial, online banking, and ecommerce transaction data exposed to interception and harvesting, according to the researchers.

"A couple of researchers were looking at the SSL protocol -- the secure socket layer protocol --  which is used to encrypt communications between users and web servers for things like online banking, PayPal and e-commerce on various shopping websites and those kinds of things. There's a problem that has been in the protocol for several years that a lot of security researchers knew about but didn't think was potentially exploitable. Nobody could figure out a way to make it an actual problem for users," said ThreatPost's editor Dennis Fisher.

Until now that is, as Fisher explains:

"When you sign into your online banking site, you get a little token the site places on your machine that says it's your computer, you're logged in and you're authenticated. That little cookie is encrypted so that an attacker can't grab it and use it himself on your online banking site and impersonate you. But now they are able to decrypt those cookies on the fly and then hijack that session with the secure site and effectively impersonate you," said Fisher.

Fisher says that the major internet browser providers like Google, Mozilla, Microsoft, Opera and Apple are already working on a solution to the vulnerability, and that there is no evidence that an active exploit tool has been developed by anyone other than the researchers who are presenting their finding at Ekoparty.

"The good news in all this is that plenty of researchers are already working on solutions for this. And also the exploitation, the actual attack they are using, uses this custom tool that they wrote. It's not something that's publicly available, though I believe they are releasing it when they present their research at the conference in Argentina," Fisher stated.

Newer versions of the SSL/TLS protocols are not susceptible to the exploit, though they are not as widely distributed as the current version, which remains vulnerable.

Given that the exploit has not turned up in the wild, Fisher believes there is little to no danger of widespread data loss occurring prior to vulnerability patches being issued to mitigate the problem.

"It's not the type of thing that typical online banking users need to worry about right now, today. It's not theoretical, a practical attack is being presented but it's probably not something that will be deployed against people in the next day or two. Normal Phishing attacks people see against their online banking sites, regular pieces of malware on their machine that record keystrokes and grab online banking passwords -- all those things are happening by the hundreds of thousands every single day. Those are the more clear and present threat right now to secure communications on the Internet," Fisher said.


Possibly Related Articles:
Encryption SSL Browser Security Vulnerabilities TLS Exploits Headlines BEAST Ekoparty Security Conference
Post Rating I Like this!
Jamie Adams It looks some work arounds are in progress:
It mainly affects ciphers using Cipher Block Chaining (CBC). So, "Servers can protect themselves by requiring a non-CBC cipher suite. One such cipher suite is rc4-sha, which is widely supported by clients and servers"

Jamie Adams And if you are running Apache web server, check out:
Jamie Adams The versions are... "according to reports, the attack impacts TLS 1.0 and SSL 3.0, but does not affect TLS versions 1.1 and 1.2. "
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.