Accute India

NSA Got Hacked By Its Very Own Vulnerability

 You need one hundred and four dollars, more or less, eight hours and Amazon’s cloud computing to hack the National Security Agency’s website. Oh, and you need to make use of the NSA’s very own FREAK vulnerability to hack them in their own game.

A group of researchers did just that, using a few tools to implement man-in-the-middle-attacks. This is an ability that swiftly creates an outcome of 512 bit RSA (RSA is one of the first practicable public key crypto systems and is widely used for secure data transmission) keys.

The bug was reported on Monday. It allows the attacker to take control of secure connections between people using iOS devices or Android devices. This gives hackers a chance to mimic the target and steal private information like login details and passwords.

To factor the 512 bit export keys, the project enlisted the help of Nadia Heninger at University of Pennsylvania, who has been working on “Factoring as a Service” for exactly this purpose. Her platform uses CADO NFS on a cluster of EC2 virtual servers, and (with Nadia doing quite a bit of handholding to deal with crashes) was able to factor a bunch of 512 bit keys; each in about 7.5 hours, for $104 in EC2 time according to Vice.

CIA

Let us explain the FREAK vulnerability to you in a more detailed manner:

Earlier this year, many cyber security companies revealed information about a vulnerability in OpenSSL. OpenSSL started accepting temporary RSA keys when using non-export cipher suites. A malicious server could make a TLS/SSL client using OpenSSL, using a weaker key exchange method.

As stated earlier, OpenSSL clients accepted EXPORT-grade insecure keys even when the client had not initially asked for them. This could be exploited using a man-in-the-middle attack, which would intercept the client’s initial request for a standard key and ask the server for an EXPORT-grade key. The client would then accept the weak key, allowing the attacker to factor it and decrypt communication between the client and the server.

The vulnerability affects all Linux systems too, including the Server, Workstation, Desktop, and HPC Node variants that have not installed the fixed version of OpenSSL packages.

While the use of EXPORT-grade ciphers is disabled by default in OpenSSL), it can be enabled by applications that utilize the OpenSSL library. For this reason, the vulnerability is able to affect all Linux 6 and 7 systems, including the Server, Workstation, Desktop, and HPC Node variants, which have not installed the fixed version of OpenSSL packages.

However, using Internet-wide scanning, we can perform daily tests of all HTTPS servers at public IP addresses to determine whether they allow this weakened encryption. More than a third of all servers with browser-trusted certificates are at risk. i.e all the HTTPS servers at Alexa’s top 1 million domain names have their current vulnerability levels at 8.5 percent. HTTPS servers with browser trusted certificates are at 6.8 percent vulnerability, and the rest of the HTTPS servers are at 11.8 percent.

Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption. One example is the OpenSSL bug described in CVE-2015-0204, but some other TLS libraries have similar problems. Far more browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced, including: