Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Freak Attack - Surprised? No. Worried? A little.

Published: 2015-03-04
Last Updated: 2015-03-04 04:06:34 UTC
by Mark Hofman (Version: 1)
1 comment(s)

There has been some press surrounding the SSL issue published recently dubbed Freak.  It was reported in the Washington post1 and other sites, but what does it really mean?

The issue relates to the use of Export Ciphers (the crypto equivalent of keeping the good biscuit yourself and giving the smaller broken one to your little brother or sister).  The Export Ciphers were used as the "allowed" ciphers for non US use.  The ciphers are part of OpenSSL and the researchers2 have identified a method of forcing the exchange between a client and server to use these weak ciphers, even if the cipher suite is not "officially" supported3.  

On first reading, like many, I thought so what, especially since you have to do a man-in-the-middle (MITM attack.  When you do a MITM attack you have full control over the connection anyway, so why bother decrypting anything? However, if I'm reading and interpreting the examples correctly (kind of hoping I'm wrong), it looks like this particular attack solves one challenge that a MITM has. For HTTPS intercept you usually generate a new certificate with the information of the site and resign the certificate before presenting it to the client. Whenever you present this newly signed certificate  the client receives an error message stating that the certificate does not match the expected certificate for the site.  From the vids2 it looks like this attack could "fix" that particular problem.  So now when you perform a MITM attack you retain the original certificate and the user is none the wiser.  This could open up a whole new avenue of attacks against clients and potentially simplify something that was quite difficult to do. 

What is the impact to organisations? Well it is quite possible that your sites will be impersonated and there won't be much that can be done about it and you may not even know that your customers are being attacked.  To prevent your site from being used in this attack you'll need to patch openSLL4 (yes again).  This issue will remain until systems have been patched and updated, not just servers, but also client software.  Client software should be updated soon (hopefully), but there will no doubt be devices that will be vulnerable to this attack for years to come (looking at you Android).

Matthew Green in his blog3 describes the attack well and he raises a very valid point. Backdoors will always come back to bite. 

The researchers have set up a site with more info5. 

Cheers

Mark H  - Shearwater

(Thanks Ugo for bringing it to our attention).

Links:

1 - http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/
2 - https://www.smacktls.com/#freak
3 - http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
4 - https://www.openssl.org/news/secadv_20150108.txt
5 - https://freakattack.com/

Keywords:
1 comment(s)
ISC StormCast for Wednesday, March 4th 2015 http://isc.sans.edu/podcastdetail.html?id=4381
Diary Archives