
Decades-old ROBOT flaw busts open TLS

By Juha Saarinen on Dec 14, 2017 7:00AM

Sites and equipment vendors issue patches.

Facebook, PayPal and other popular websites are at risk from a cryptographic flaw in how servers handle the RSA key exchange of the transport layer security (TLS) protocol, a flaw that could enable attackers to decrypt traffic.

The flaw goes back almost two decades to 1998, when cryptographer Daniel Bleichenbacher discovered a weakness in how implementations of the RSA padding scheme from Public-Key Cryptography Standard #1 version 1.5 (PKCS#1 v1.5), the scheme TLS uses for its RSA key exchange, report decryption errors.

Bleichenbacher found that an error message revealing whether a decrypted block had valid PKCS#1 v1.5 padding acts as an oracle: by submitting many carefully modified ciphertexts and watching the server's responses, an attacker can recover the plaintext of any ciphertext encrypted under that key, an adaptive chosen-ciphertext attack.

Now researchers have devised a minor variant of the old attack, which they have named the Return of Bleichenbacher's Oracle Threat (ROBOT), and shown that it still works against many current TLS implementations.

This attack "fully breaks the confidentiality of TLS when used with RSA encryption", researchers Hanno Böck, Juraj Somorovsky and Craig Young wrote.

As a proof of concept, they used the oracle exposed by Facebook's servers to sign a test message with Facebook's RSA private key.

"For hosts that are vulnerable and only support RSA encryption key exchanges it's pretty bad. It means an attacker can passively record traffic and later decrypt it," Böck, Somorovsky and Young said.
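To make the oracle concrete, here is an added toy example; it is not the researchers' code and not from the original article. It builds a deliberately tiny, constructed RSA key, implements PKCS#1 v1.5 padding, and contrasts a server that reports which padding check failed (the oracle) with one that applies the RFC 5246 countermeasure of silently substituting a random premaster secret. The blinding step in `probe` is the single query Bleichenbacher's attack repeats; the function names and the constructed key are this example's own.

```python
import secrets

# Constructed toy RSA key for this demonstration only: two Mersenne primes, so the
# example is self-contained and the factors are certainly prime. Never build a real
# key this way (special-form factors, and far too small).
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
K = (N.bit_length() + 7) // 8        # modulus length in bytes (81 here)
PMS_LEN = 48                         # TLS premaster secret length, RFC 5246 7.4.7.1


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 block type 2: 00 || 02 || PS (non-zero, >= 8 bytes) || 00 || msg."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def encrypt(msg: bytes) -> int:
    """What the client does in ClientKeyExchange: RSA-encrypt the padded premaster."""
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def decrypt_block(c: int) -> bytes:
    return pow(c, D, N).to_bytes(K, "big")


def server_vulnerable(c: int):
    """A server that tells the client which check failed. Each distinguishable
    answer (alert type, error text, timing, a TCP reset) is the oracle the attack
    queries. Returns (status, premaster-or-None)."""
    em = decrypt_block(c)
    if em[:2] != b"\x00\x02":
        return "alert: bad block type", None
    sep = em.find(b"\x00", 2)
    if sep < 10:
        return "alert: bad padding string", None
    if K - sep - 1 != PMS_LEN:
        return "alert: bad premaster length", None
    return "ok", em[sep + 1:]


def server_hardened(c: int):
    """RFC 5246 7.4.7.1 countermeasure: on any padding problem substitute a random
    premaster and carry on, so the handshake fails only at Finished and the client
    learns nothing about which check failed. Returns (status, premaster)."""
    fallback = secrets.token_bytes(PMS_LEN)
    em = decrypt_block(c)
    sep = K - PMS_LEN - 1               # where the 00 separator must sit for a 48-byte PMS
    bad = (em[0] != 0) | (em[1] != 2) | (em[sep] != 0)
    for b in em[2:sep]:                 # no early exit: look at every padding byte
        bad |= (b == 0)
    # CPython gives no constant-time guarantee; real stacks must also close the
    # timing channel, which is what several ROBOT-affected implementations missed.
    return "ok", (fallback if bad else em[sep + 1:])


def probe(server, c: int, s: int) -> str:
    """One Bleichenbacher query: RSA is multiplicative, so c * s^e decrypts to
    m * s mod N. The verdict tells the attacker whether m * s mod N begins 00 02."""
    status, _ = server((c * pow(s, E, N)) % N)
    return status


def is_padding_oracle(server, c: int, factors=(1, 2, 3, 5, 7)) -> bool:
    """True when the server's answers depend on the blinding factor s. Each such
    answer leaks a little about m; the full attack picks s adaptively and needs a
    large number of queries (Bleichenbacher's original estimate was about a
    million) to recover m or, with c chosen as a hash to sign, to forge a signature."""
    return len({probe(server, c, s) for s in factors}) > 1


if __name__ == "__main__":
    # Constructed client premaster: 2-byte version (3.3 = TLS 1.2) plus 46 random bytes.
    c = encrypt(b"\x03\x03" + secrets.token_bytes(46))
    for name, srv in (("vulnerable", server_vulnerable), ("hardened", server_hardened)):
        answers = {s: probe(srv, c, s) for s in (1, 2, 3)}
        print(name, answers, "-> oracle" if is_padding_oracle(srv, c) else "-> no oracle")
```

Multiplying the ciphertext by 2^e makes the decrypted block start with 00 04 or 00 05 instead of 00 02, so the vulnerable server answers differently for s=1 and s=2 while the hardened one says "ok" both times and simply fails the handshake later. The same oracle is what let the researchers sign with Facebook's key: the attacker chooses c to be the encoded hash of the message to sign, and recovering "m" is then recovering the signature.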

So far Cisco, Citrix, F5, Radware and the Bouncy Castle cryptography library have patched the vulnerability, with Oracle, Erlang, wolfSSL and MatrixSSL also issuing updates.

Even perfect forward secrecy, which protects past sessions from decryption if the server's long-term private key is later compromised, might not protect against a ROBOT attack, the trio said.

Hosts that keep the vulnerable RSA encryption enabled may still be at risk even when clients negotiate forward-secret cipher suites: an attacker who can run the attack quickly enough can use the oracle to produce signatures with the server's key, and so impersonate the server or intercept traffic from a man-in-the-middle position. Such a scenario is possible but "more challenging", the security researchers said.

They recommended disabling RSA encryption key exchange, that is the TLS_RSA cipher suites, to mitigate the attack.

"ROBOT only affects TLS cipher modes that use RSA encryption," the trio said.

"Most modern TLS connections use an Elliptic Curve Diffie Hellman key exchange and need RSA only for signatures.

"We believe RSA encryption modes are so risky that the only safe course of action is to disable them. Apart from being risky these modes also lack forward secrecy.

"By disabling RSA encryption we mean all ciphers that start with TLS_RSA. It does not include the ciphers that use RSA signatures and include DHE or ECDHE in their name. These ciphers are not affected by our attack."
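The rule in the quote above (drop everything that starts with TLS_RSA, keep the DHE and ECDHE suites that merely sign with RSA) is easy to apply mechanically, and it is worth checking from the outside as well as in the config. The following added example is not from the researchers or the article: it classifies IANA cipher-suite names by their key-exchange label and, as a live check, asks a server to negotiate only RSA-key-exchange suites using Python's standard `ssl` module and OpenSSL's `kRSA` keyword. The function names are this example's own, and the live check assumes the interpreter's OpenSSL still builds RSA-key-exchange suites.

```python
import socket
import ssl


def uses_rsa_key_exchange(suite: str) -> bool:
    """True for IANA cipher-suite names whose key exchange is RSA *encryption*.

    IANA names read TLS_<key exchange>_WITH_<cipher>_<mac>. A key-exchange label
    beginning with RSA (RSA, RSA_PSK, RSA_EXPORT) means the client encrypts the
    premaster secret to the server's RSA key, the mode ROBOT breaks. Labels such
    as DHE_RSA or ECDHE_RSA use RSA only to sign an ephemeral (EC)DH exchange and
    are not affected; TLS 1.3 suites carry no key-exchange label at all.
    """
    head, sep, _ = suite.partition("_WITH_")
    if not sep or not head.startswith("TLS_"):
        return False                  # TLS 1.3 suite, OpenSSL-style name, or not a suite
    kex = head[len("TLS_"):]
    return kex.split("_")[0] == "RSA"


def robot_exposed_suites(suites):
    """Filter a configured suite list down to the ones that must be disabled."""
    return [s for s in suites if uses_rsa_key_exchange(s)]


def server_offers_rsa_kex(host: str, port: int = 443, timeout: float = 5.0):
    """Live check: offer only RSA-key-exchange suites over TLS <= 1.2 and see whether
    the server accepts. Returns the negotiated suite name, or None if the server
    refuses the handshake. Certificate verification is off because this probes
    configuration, not trust; do not copy that into anything that carries data."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.3 has no RSA key exchange
    ctx.set_ciphers("kRSA")                        # OpenSSL keyword: RSA key exchange only
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLError:
        return None


if __name__ == "__main__":
    import sys
    # Constructed example of a server's configured suite list (not any real host's):
    configured = [
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
    ]
    print("disable:", robot_exposed_suites(configured))
    if len(sys.argv) > 1:
        print(sys.argv[1], "negotiated:", server_offers_rsa_kex(sys.argv[1]))
```

A server that accepts the `kRSA`-only handshake is not necessarily exploitable, since the oracle depends on how its TLS stack handles bad padding, but it is exactly the configuration the researchers advise removing regardless; a server that refuses it cannot be attacked this way at all, whatever the stack.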

Copyright © iTnews.com.au. All rights reserved.
Tags: bleichenbacher, cryptography, oracle, robot, rsa, security, tls