Monday, November 16, 2009

Successful Twitter Attack Using SSL Renegotiation Flaw

When Marsh Ray discovered a vulnerability in the secure sockets layer (SSL) protocol that allows attackers to inject text into encrypted transmissions between two endpoints, we all knew it was only a matter of time until successful man-in-the-middle attacks leveraging the flaw began to pop up.

Now comes word that a Turkish grad student has successfully stolen Twitter login credentials that were passing through encrypted data streams, much to the consternation of researchers who had called the newly discovered flaw conceptually interesting but of little practical value.

By leveraging the SSL bug, Anil Kurmus demonstrated just how wrong those researchers had been, both in the simplicity of the attack and in the results that could be obtained:

Despite those limitations, Kurmus was able to exploit the bug to steal Twitter usernames and passwords as they passed between client applications and Twitter's servers, even though they were encrypted. He did it by injecting text that instructed Twitter's application protocol interface to dump the contents of the web request into a Twitter message after they had been decrypted.

Now, Twitter is some seriously low-hanging fruit when it comes to an attack surface due to its architecture and the volume of third party applications that do a poor job of error handling and reporting to the user.

Twitter doesn't help their cause by including the username and password with every request sent through their site. Their API also makes it relatively painless to intercept the contents of the data stream and use it to the attacker's advantage.

To their credit, Twitter claims to have closed the hole that previously existed. Et tu, SSL?

To date, only OpenSSL has provided a patch to deal with the core vulnerability. Every other implementation has been dorking around secretly for months preparing the bug fix that will need to be rolled out internationally.

Next likely attack scenario? How about stealing authentication cookies associated with web mail accounts or social networking sites that specialize in sending and receiving messages?

If your confidence in the core security guarantee associated with TLS isn't shaken, it should be.



1 comment:

  1. and we put this much effort into worrying about someone stealing what we've said...in the 'old days' that was called a tape recorder.....
