Online security: new OpenSSL flaws could enable hackers to intercept and exploit traffic between clients and servers

It has not been a good week for the open source encryption library OpenSSL. With an estimated 12,000 popular domains still vulnerable, a new way of exploiting the Heartbleed bug has been discovered which can steal information from wireless networks and the devices that connect to them. To compound matters, researchers at the Japanese security firm Lepidum have discovered an entirely new, remotely exploitable vulnerability in OpenSSL which could enable a hacker to intercept and decrypt traffic between vulnerable clients and servers. The new flaw, which affects all OpenSSL client versions and versions 1.0.0 and 1.0.2-beta1 of the server software, could potentially leave millions of Android smartphones and tablets at risk.

The Heartbleed bug made headlines a couple of months ago when it was revealed that millions of websites were vulnerable to a flaw in the OpenSSL code they used to encrypt their communications, meaning hackers could potentially steal millions of usernames, passwords and credit card numbers. Systems administrators were urged to update their systems to deal with the threat. However, a Portuguese security researcher, Luis Grangeia, has since discovered a new way of exploiting the vulnerability. He has published a piece of software, dubbed Cupid, which gives those looking to attack vulnerable systems the ability to easily steal passwords, usernames and other sensitive information from routers and the devices connected to them, as long as they rely on vulnerable versions of OpenSSL.

The code comes in the form of two extensions. The first allows a hacker to create a malicious Wi-Fi network and steal information from any device which connects to it; the second works in the opposite way: applied on the client side, via a laptop, tablet or smartphone, it would allow anyone to steal information from a vulnerable wireless network they connect to. However, this exploit only works on certain types of wireless network, those secured using the Extensible Authentication Protocol (EAP), which many large organisations use to password-protect access.

In a blog post explaining his research, Grangeia claimed:

“This is basically the same attack as Heartbleed, based on a malicious heartbeat packet. Like the original attack, which happens on regular TLS connections over TCP, both clients and servers can be exploited and memory can be read off processes on both ends of the connection. The difference in this scenario is that the TLS connection is being made over EAP, which is an authentication framework/mechanism used in wireless networks.”
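The "malicious heartbeat packet" in the quote above is a record whose length field overstates the payload it actually carries. The following added example (not OpenSSL's code, and not part of the original article) shows the single check a heartbeat handler needs: that the claimed payload length fits inside the record received. It uses the record layout from RFC 6520 (1-byte type, 2-byte payload_length, payload, at least 16 bytes of padding); the sample records and the `classify` labelling function are constructed for illustration.

```python
"""Length check for a TLS heartbeat record, as a defender-side illustration.

Not the project's code. It uses the record layout from RFC 6520 (1-byte type,
2-byte payload_length, payload, at least 16 bytes of padding) and shows the one
check the Heartbleed-era code lacked: that payload_length fits inside the
record actually received. The sample records below are constructed.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16
HEADER_LEN = 3


def build_heartbeat(payload: bytes, claimed_length=None) -> bytes:
    """Construct a heartbeat request; `claimed_length` lets a test build a record
    whose length field overstates the payload actually present."""
    if claimed_length is None:
        claimed_length = len(payload)
    padding = b"\x00" * MIN_PADDING
    return bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", claimed_length) + payload + padding


def parse_heartbeat(record: bytes):
    """Return (type, payload) for a well-formed record, or raise ValueError.

    The vulnerable code trusted payload_length and copied that many bytes from
    the receive buffer into the response, so an overstated length leaked
    adjacent process memory. Rejecting the record here prevents that.
    """
    if len(record) < HEADER_LEN + MIN_PADDING:
        raise ValueError("record too short to be a heartbeat")
    hb_type = record[0]
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        raise ValueError(f"unknown heartbeat type {hb_type}")
    (payload_length,) = struct.unpack("!H", record[1:3])
    if HEADER_LEN + payload_length + MIN_PADDING > len(record):
        raise ValueError("payload_length exceeds the record: silently discard")
    return hb_type, record[HEADER_LEN:HEADER_LEN + payload_length]


def heartbeat_response(record: bytes) -> bytes:
    """Echo the payload back, only after the length check has passed."""
    hb_type, payload = parse_heartbeat(record)
    if hb_type != HEARTBEAT_REQUEST:
        raise ValueError("only requests get a response")
    return (bytes([HEARTBEAT_RESPONSE]) + struct.pack("!H", len(payload))
            + payload + b"\x00" * MIN_PADDING)


def classify(record: bytes) -> str:
    """Label a record for monitoring: 'ok' or 'malformed' (a candidate alert)."""
    try:
        parse_heartbeat(record)
        return "ok"
    except ValueError:
        return "malformed"


# Constructed samples: a benign 4-byte heartbeat and one claiming 16384 bytes.
BENIGN = build_heartbeat(b"ping")
OVERSTATED = build_heartbeat(b"ping", claimed_length=16384)

if __name__ == "__main__":
    print("benign record:", classify(BENIGN))
    print("overstated length:", classify(OVERSTATED))
```

The same check applies whether the record arrives over TCP or inside an EAP exchange: the transport changes, the parsing rule does not.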

Whilst this latest OpenSSL flaw is undoubtedly serious, Adam Langley, a researcher on the security team at Google, believes it is unlikely to cause the same level of distress as the original bug. Nevertheless, he still maintains that the vulnerability could have a number of fairly serious repercussions:

“The implications of this are pretty complex. For a client there’s an additional check in the code that requires that a CCS message appear before the Finished and after the master secret has been generated. An attacker can still inject an early CCS too and the keys will be calculated with an empty master secret. Those keys will be latched – another CCS won’t cause them to be recalculated. However, when sending the second CCS that the client code requires, the Finished hash is recalculated with the correct master secret. This means that the attacker can’t fabricate an acceptable Finished hash. This stops the obvious, generic impersonation attack against the client,” he wrote.

“For a server, there’s no such check and it appears to be possible to send an early CCS message and then fabricate the Finished hash because it’s based on an empty master secret. However, that doesn’t obviously gain an attacker anything.”
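Langley's explanation turns on message ordering: a ChangeCipherSpec (CCS) accepted before the key exchange latches traffic keys derived from an empty master secret, and only the client's extra check keeps the Finished hash honest. The toy state machine below is an added illustration, not OpenSSL code and not from the article; it models just that ordering rule with an HMAC-SHA256 placeholder in place of the TLS PRF (an assumption), and the message sequences and premaster value are constructed.

```python
"""Toy model of the early-ChangeCipherSpec weakness described above.

Added illustration, not OpenSSL code. It models only the ordering rule: traffic
keys and the Finished hash must come from a master secret that has actually been
established, so a ChangeCipherSpec (CCS) arriving before the key exchange must
be rejected. The PRF is an HMAC-SHA256 placeholder (assumption: not the TLS PRF),
and the message sequences are constructed examples.
"""
import hashlib
import hmac


class HandshakeError(Exception):
    pass


def prf(secret: bytes, label: bytes) -> bytes:
    # Placeholder for the TLS PRF: deterministic in (secret, label) only.
    return hmac.new(secret, label, hashlib.sha256).digest()


# Values anyone who knows only the *default* (empty) secret can compute.
KEYS_FROM_EMPTY_SECRET = prf(b"", b"key expansion")
FINISHED_FROM_EMPTY_SECRET = prf(b"", b"finished")


class Endpoint:
    """One side of the handshake.

    policy:
      "none"              - no ordering check (the server behaviour described)
      "ccs_after_secret"  - the client-side check: a CCS must follow the
                            master secret before a Finished is accepted
      "reject_early_ccs"  - the fix: refuse any CCS before the key exchange
    """

    def __init__(self, policy: str):
        self.policy = policy
        self.master_secret = b""     # empty until the key exchange completes
        self.keys = None             # latched on the first accepted CCS
        self.ccs_after_secret = False

    def on_key_exchange(self, premaster: bytes) -> None:
        self.master_secret = prf(premaster, b"master secret")

    def on_change_cipher_spec(self) -> None:
        if self.policy == "reject_early_ccs" and not self.master_secret:
            raise HandshakeError("CCS received before the master secret exists")
        if self.master_secret:
            self.ccs_after_secret = True
        if self.keys is None:
            # Keys are latched: a later CCS does not recompute them.
            self.keys = prf(self.master_secret, b"key expansion")

    def expected_finished(self) -> bytes:
        # The Finished hash is recomputed from whatever master secret is current.
        if self.policy == "ccs_after_secret" and not self.ccs_after_secret:
            raise HandshakeError("Finished without a CCS after the master secret")
        return prf(self.master_secret, b"finished")


def run_handshake(policy: str, messages) -> dict:
    """Feed a constructed message sequence to an endpoint and report whether an
    outsider could predict its traffic keys or produce an acceptable Finished."""
    ep = Endpoint(policy)
    for kind, arg in messages:
        if kind == "ccs":
            ep.on_change_cipher_spec()
        elif kind == "key_exchange":
            ep.on_key_exchange(arg)
        else:
            raise ValueError(f"unknown message {kind!r}")
    return {
        "keys_predictable": ep.keys == KEYS_FROM_EMPTY_SECRET,
        "finished_forgeable": ep.expected_finished() == FINISHED_FROM_EMPTY_SECRET,
    }


PREMASTER = b"constructed premaster secret"   # constructed sample value


def vulnerable_server() -> dict:
    # No check: an early CCS alone yields keys and a Finished hash derived
    # from the empty master secret.
    return run_handshake("none", [("ccs", None)])


def client_with_check() -> dict:
    # Early CCS latches empty keys, but the required second CCS after the key
    # exchange means Finished is computed with the real master secret.
    return run_handshake("ccs_after_secret",
                         [("ccs", None), ("key_exchange", PREMASTER), ("ccs", None)])


def fixed_endpoint_rejects_early_ccs() -> bool:
    try:
        run_handshake("reject_early_ccs", [("ccs", None)])
    except HandshakeError:
        return True
    return False


if __name__ == "__main__":
    print("server without check:", vulnerable_server())
    print("client with check:   ", client_with_check())
    print("fixed endpoint rejects early CCS:", fixed_endpoint_rejects_early_ccs())
```

Running it shows the three outcomes in the quote: the unchecked server has both predictable keys and a forgeable Finished, the client's check leaves the keys predictable but the Finished unforgeable, and the fixed endpoint aborts the handshake as soon as the out-of-order CCS arrives. That abort is also the event a server log should surface, since a CCS before key exchange never occurs in a legitimate handshake.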

Masashi Kikuchi, a researcher at Lepidum, highlighted the new vulnerability, which allows man-in-the-middle (MITM) attacks, meaning hackers could intercept and decrypt traffic sent between vulnerable clients (smartphones, laptops and tablets) and servers. To exploit this flaw a hacker would need a man-in-the-middle position on the network to intercept the traffic; what's more, they could only decrypt traffic between a vulnerable client and a vulnerable server, limiting the situations in which this flaw could be used.

Security experts have tried to quell unnecessary panic by pointing out that these restrictive preconditions may limit the likelihood of widespread attacks. But in the current environment, where open wireless networks are ubiquitous and many users connect to them without giving security a second thought, gaining a MITM position may not be such an insurmountable hurdle.

If you are looking for further information and advice on website vulnerability, penetration testing, security reviews, security compliance and web security solutions, contact Krypsys. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].