Thursday, January 11th 2018

Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

Another week, another security bulletin in tech news, with yet another vulnerability joining the fray alongside Intel's Meltdown and Western Digital's MyCloud hacks. A team of researchers recently published a paper titled "Return Of Bleichenbacher's Oracle Threat (ROBOT)". The paper shows that a well-known exploit from 1998 is still a viable way to attack the websites of even big-name companies and services, such as Facebook and PayPal (in total, around 2.8% of the top 1 million sites also tested positive). ROBOT is a critical vulnerability that allows attackers to decrypt encrypted data and sign communications using a compromised site's secret encryption key, and it remains exploitable 19 years after it was first described.

The heart of the issue is a vulnerability discovered in 1998 by researcher Daniel Bleichenbacher in Secure Sockets Layer (SSL), the predecessor of TLS. The attack is called an oracle attack because attackers can send specially crafted queries to which affected websites and systems respond with "Yes" or "No"; given enough time, attackers can accumulate the disclosed information and build a clear picture of the protected data. SSL's architects apparently responded to Bleichenbacher's discovery in a B-movie type of way, which nevertheless might have been needed to keep all systems green: by designing workarounds on top of workarounds, rather than removing or rewriting the faulty RSA algorithm.

"We were able to identify eight vendors and open-source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher's adaptive-chosen ciphertext attack from 1998," the researchers wrote in their research paper. "The most notable fact about this is how little effort it took us to do so. We can therefore conclude that there is insufficient testing of modern TLS implementations for old vulnerabilities." Affected products include some made by F5, Citrix, and Cisco.

"The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight," the researchers wrote in a blog post. "This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack." Sources: Return Of Bleichenbacher’s Oracle Threat (ROBOT) Paper, Robot Attack, via ArsTechnica, via TPU Forums @ user StefanM
Add your own comment

15 Comments on Hack Like It's 1998: Sites Still Vulnerable to Revived ROBOT Exploit

#1
R-T-B
The thing I have learned from all these security breach news releases?

You apparently can't be a hacker without a hoodie.
#2
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
R-T-B said:
The thing I have learned from all these security breach news releases?

You apparently can't be a hacker without a hoodie.
Just like you cannot be a Hooker without a Rugby Ball :)
#3
lexluthermiester
R-T-B said:
The thing I have learned from all these security breach news releases?
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
#4
R-T-B
lexluthermiester said:
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
Nature of complicated interconnected systems. Comes with the territory.
#5
Steevo
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.
#6
PowerPC
lexluthermiester said:
The thing I've learned is that vulnerabilities can come from anywhere, including the past, and seemingly out of nowhere. Literally nothing is safe when you connect to the internet. One of the greatest tools man has ever devised and it's also one of the least secure.
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood; that would require actually replacing the internet. But we also can't ever rely on not being hacked on it.
#7
lexluthermiester
PowerPC said:
It's a great tool, but very poorly implemented from the beginning.
Completely disagree. The internet has always been and will likely forever be an ever evolving construct of information technology. When it was created, it was put together with the best that technology of the time had to offer.
#8
R-T-B
Steevo said:
The real issue is that almost every exploit was intended to be a performance improvement, reduce the complexity of a program and hardware, allow easier sharing of useful data. People put things into action without asking the why not.
It's really much more complicated than that.
#9
Jism
PowerPC said:
It's a great tool, but very poorly implemented from the beginning.

Nothing can really change if we still keep using protocols from 40 years ago. Like TCP/IP and Ethernet and all that. You can't just turn off the internet now and fix all those things under the hood; that would require actually replacing the internet. But we also can't ever rely on not being hacked on it.
This. Nobody would have known back then that IPV4 would run out of blocks, looking at the amount of devices currently 'hooked' up to the internet. Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.

Nobody would have known back then that the date of '2000', and not 1999, would cause problems in certain DOS applications which had problems with storing '00' as the last 2 digits showing the year.

Nobody would have known that Intel had hardware with built-in flaws that existed for more than 20 years and were never found until recently. I think the world is going so fast these days that due to production, costs and management, crucial parts of hardware and software are being skipped on.

People want things faster and if they can't get it they head to the competition as well. It's no secret that all Intel hardware is rejected by countries such as Russia considering the bugs / backdoors built into the CPU. For example, IMEI, which can't really be shut down but yet can be exploited.

The idea is great but the experience is that not many teams really focus on getting a genuine, solid & safe product. Look at iPhones. It takes a company from Israel to hack the device for the FBI. I mean Apple has done a great job securing their phones, that millions need to be paid in order to crack the security on these phones. That's how a decent product should be.

Talking about flaws: I remember in the past I bought a lot of HDDs from eBay, figuring out I could restore the complete history of what people did with those drives with a simple, low-level undelete tool. Not many people actually realise that dragging something into the recycle bin will actually delete the contents from the hard drive. Or that a format is not sufficient to completely wipe the data. When I sold old parts such as my own HDDs I pretty much made sure that they were overwritten at least 12 times minimum, just to prevent someone else doing what I did.

Napster. Great program. Similar to many other forks and programs to share stuff with everyone on the internet. Yet with one flaw. The complete C drive of many people was being shared. So it was a piece of cake to search for 'inbox.dbx' and basically download everyone's stupid IMAP / POP3 folder from Outlook Express. Oh man, I had some fun years experimenting on the internet. In the past there were a lot of triple x websites which had their security 'flawed' in such a manner that I was able to 'write' my own user and hashed password into a .htaccess file which wasn't properly secured, and gained access to websites which normally should be paid for in the first place with a credit card.

From my experience, the world and technology are moving so fast that even I can't keep up. I really dislike Windows 10 for switching to a service model with bullshit telemetry and privacy-invading techniques. Yes, MS is capable of identifying a person just based on the details it is harvesting. MS can push an update to a particular user which grants NSA or some shit access. Skype has a backdoor for the NSA and probably other intelligence services, and so do many other digital forms of communication. You are not safe on the internet. Privacy does not exist and companies are going further and further to completely sell all your details.

I've wrecked the telemetry that's built into W7 and made sure it's not communicating again to the outside world. When support ends for W7, I am switching over to Linux and will start focusing more and more on privacy.
#10
Prima.Vera
Funny, as the Mr. Robot TV show also got inspiration from this. Amazed to see that in 2018 it still kicks and runs :roll::roll::roll::roll:
#11
lexluthermiester
Jism said:
Even tho IPV6 is slowly being rolled out, it will take years for the complete internet to fully switch and change to IPV6 standards.
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zeros followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increase the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
#12
csgabe
Isn't that Alan Walker in the picture DJing?
#13
FordGT90Concept
"I go fast!1!11!1!"
lexluthermiester said:
There's a reason for that. How IPV6 is implemented is far more complex than it needs to be. Take IPV4, add an extra set of numbers in front of it and a couple billion possible iterations become trillions.
Example we take the existing format;

255.255.255.255

And we add a fifth set to the front rendering;

255.255.255.255.255.

Any number with only four sets, representing existing addresses, would be interpreted as zeros followed by the rest of the numbers;

000.255.255.255.255.

That solution could have been integrated into existing hardware and software almost seamlessly.
Take that one step further and increase the range of numbers from 0 thru 255 to 0 thru 511, thus;

511.511.511.511.511

This then renders such an enormous number of addresses that every person alive or dead in the history of mankind could be allocated a thousand addresses and we'd only ever use a small fraction of the total available. And it's still easy to integrate and fully backwards compatible with the existing IPV4 standard, making a transition easy. The hex-based mess they came up with is comparatively inefficient, at the same time overly complex and almost completely incompatible with IPV4. IMHO it was/is a move that was completely mental and absurd.
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.


As to this news/OP, the NSA probably shed another tear.

Also, the uniformity of TLS/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only affect a small portion of the internet.
#14
GenericAMDFan
FordGT90Concept said:

Also, the uniformity of TLS/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only affect a small portion of the internet.
That's just not realistic. see: https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
#15
lexluthermiester
FordGT90Concept said:
Except that you're fixated on string representation of a byte. 255.255.255.255 is 0xFFFFFFFF in reality. 511 would break that, so would appending an extra FF because the buffers and processors are generally only designed to take 32-bits (4 bytes). In other words, wrecked. Tunneling was the only way.
Who says it has to be limited to 32bits? Really, who has ever said that? 40, 48, 56 and 64bits would all work just fine and are mathematically & effectively backwards compatible. Any time someone says "that's the only way" it makes me sad. No it isn't. What was suggested above was done on a chalkboard in a high school classroom 26 years ago as a thought experiment. It would work with the right minds behind it. But that's the problem. The powers that be thought the current mess was a better idea than simply expanding what works already.
Basic mathematical principles state that no number is too big. Take any number you can think of and add 1. So applying that principle to byte math, take 4bytes and add 1byte. You get 5bytes, or 40bits. Keep adding until you reach a bit/byte number that is sufficient to the needs of the task. We have generally gone by powers of two because it makes some things easier, but there is nothing actually limiting us from using other schemes. Example, there have been 3bit, 5bit, 6bit, 7bit, 9bit and 12bit CPUs. It's why we have so many color palette sizes for graphic display arrays. 1, 2, 4, 8, 10, 12, 14, 15, 16, 20, 24 and 32bit color palettes and so on. The same is true for storage. Microsoft Server 2003 is a 32bit OS and yet it can address up to 64GB of RAM. How do they do this? 36bit memory address space applied via PAE. That math, used in network transmission protocols, is identical in practice. Need more address space? Add a few bits or a byte, or set of bytes, to the scheme. We don't have to rewrite the whole system to accommodate more address space. The only action needed is the application of basic math; Addition. K.I.S.S.
FordGT90Concept said:
Also, the uniformity of TLS/SSL makes it vulnerable as a system. HTTPS should really be replaced by a protocol that's more able to evolve (servers add newer, better, more diversified security technology that browsers can quickly implement and switch to/from as needed). Find a vulnerability and it should only affect a small portion of the internet.
Now this is a very good point!