HTTPS CRIME hack exploit explained

// September 16th, 2012 // Hacking and Security


Few hacks come along that are truly groundbreaking, but when the foundation of the web’s security, SSL/TLS, is cracked, it is a case of “Houston, we have a problem”. SSL, the backbone of Internet encryption, encrypts data between the client and the server, and it is vulnerable to an attack known as CRIME.

The hack

The CRIME attack takes advantage of an SSL-based compression flaw and allows the hacker to hijack the user’s web browser session after luring them into leaking the authentication cookie that is created when the user starts a secure session with a website. Secure Sockets Layer and Transport Layer Security (SSL/TLS) use compression schemes to reduce the amount of data transmitted across the wire (less data on the wire means a faster browsing experience). If the browser and server use TLS compression or SPDY, and all modern browsers do, then they are vulnerable. The exploit is appropriately called CRIME (Compression Ratio Info-Leak Made Easy).

How it works

Each SSL-based web request is prefaced with an authentication cookie and secret key that is created when the secure session is started. CRIME uses JavaScript to perform a brute-force attack on the secret key by comparing two different encrypted messages, letter by letter, to determine the value of the secret key. The JavaScript routine repeatedly has a data packet supplied by the hacker compressed and encrypted together with the secret key of the SSL session, and compares the results of each attempt. Since compression leaks clues about the encrypted contents, this method allows the hackers to analyze changes between the data packets and hence to unravel the encrypted data. The clue leaked in this case is the size of the message.

Each encrypted request that the JavaScript routine generates includes a file name path, which the JavaScript routine changes in each test iteration. Since the compression routine drops redundant data, if the file name matches part of the login cookie, the repeated part will be removed and the size of the message will decrease. When the message size decreases, CRIME knows that the file name path it just used matches part of the encrypted login cookie.

The entire process takes only a couple of minutes (and at most six requests per cookie byte), and once the session cookie is recovered, the hacker can hijack the SSL-protected session.
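To make the length leak concrete, here is a small added simulation that is not part of the original article: zlib’s DEFLATE stands in for TLS compression, the request path is the hacker-supplied text, the Cookie header is the secret, and the only thing measured is the size on the wire. The host name and cookie value are constructed sample values.

```python
import zlib

# Constructed sample values (not from the article): the session cookie the
# browser attaches to every request, and a hypothetical host name.
SECRET_COOKIE = "sessionid=Xk7Qp2"
HOST = "shop.example"


def build_request(path: str) -> bytes:
    """One HTTPS request as the browser would emit it. The path is controlled by
    whoever induced the request (the article's hacker-supplied data); the
    Cookie header is added by the browser. With TLS compression enabled both
    land in the same DEFLATE stream, so the path can "match" the cookie."""
    return (
        f"GET /{path} HTTP/1.1\r\n"
        f"Host: {HOST}\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n"
        "\r\n"
    ).encode()


def wire_length(request: bytes, tls_compression: bool) -> int:
    """Bytes the record layer carries. Encryption hides content, not length, so
    this is exactly what a passive observer of the HTTPS connection sees.
    zlib stands in for the TLS DEFLATE compression method."""
    return len(zlib.compress(request, 9)) if tls_compression else len(request)


def observed_lengths(guesses: list[str], tls_compression: bool = True) -> dict[str, int]:
    """Inject each guessed cookie value into the path and record the size on
    the wire. Ranking these sizes is the whole oracle: a guess that repeats
    bytes of the real cookie is deduplicated by the compressor and comes out
    shorter than any guess that does not."""
    return {g: wire_length(build_request("sessionid=" + g), tls_compression)
            for g in guesses}


def shortest(lengths: dict[str, int]) -> list[str]:
    """Guesses that produced the minimum size; with compression on, this is how
    the correct value is singled out."""
    best = min(lengths.values())
    return [g for g, n in lengths.items() if n == best]


if __name__ == "__main__":
    # Three same-length candidates, only the first of which is the real value.
    candidates = ["Xk7Qp2", "Zq9Rt4", "Mn3Lw8"]
    print("TLS compression on :", observed_lengths(candidates))
    # Mitigation: with compression disabled every candidate is the same size,
    # so the observer learns nothing from the length.
    print("TLS compression off:", observed_lengths(candidates, tls_compression=False))
```

At single-character granularity the saving from one extra matched byte is under eight bits, so whole-byte lengths often tie between neighbouring guesses; resolving such ties is why the article counts several requests per cookie byte rather than one.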


Most browser vendors have stated that their newest browsers have already been patched, but it is not clear whether Opera, Safari, and mobile browsers are still susceptible to the attack. It is also worth noting that older versions of SSL may still be vulnerable to last year’s BEAST attack vector, which coincidentally (or not) was created by the same guys who developed the CRIME attack vector.
