Cyber security researchers have found a new weakness that could let attackers read secured emails between clients and around one third of HTTPS web servers. Some security protocols, like SSLv2, are not needed for encrypted communication, but security experts did not regard their presence in server configurations as a security risk until now.
This is because modern web browsers and other TLS-capable clients do not use them. In a recently published research paper, some experts showed that if an HTTPS server supports SSLv2, an attacker could exploit it to decrypt messages transmitted by its clients.
This can happen even if those connections use the newest and most secure versions of the TLS protocol. The attack, known as DROWN, has several requirements but is quite simple. First, the targeted HTTPS web server has to support SSLv2 or share its private key with another server that supports it, for instance, an e-mail server.
It is quite common for companies to use the same private keys and certificates for TLS on both e-mail and web servers. The attacker also has to observe several dozen TLS connections between a potential victim and the vulnerable server.
Attackers can do that by monitoring connections over longer periods or by delivering malicious JavaScript code. This way, they can force a user's web browser to repeatedly set up connections with the targeted site.
Furthermore, the targeted server must use RSA key exchange during the attack, but this should not be an issue for attackers since RSA is the most used key exchange algorithm in TLS. Once the attacker has the captured connections, he has to connect to the server over SSLv2 and send specially crafted handshake messages.
These contain variations of the RSA ciphertext copied from the client's TLS connection. The probes will fail, but the way in which the server responds to them can leak vital information about the private keys used for the target's TLS connection.
In the worst case, an attacker would have to make approximately 40,000 connections and perform 2^50 computations to decrypt a single connection out of the 900 potentially vulnerable ones. Running all these computations for the attack on the Amazon EC2 cloud computing platform would cost more than $400, the researchers estimated.
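The exposure conditions described above (a server uses RSA key exchange and either supports SSLv2 itself or shares its key with a server that does) can be checked against a service inventory. The following is an added example, not part of the original article; the `Service` fields, host names and key fingerprints are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str       # host:port label (constructed)
    key_fp: str     # fingerprint of the RSA public key in the certificate
    sslv2: bool     # server accepts SSLv2 handshakes
    rsa_kex: bool   # server negotiates RSA key exchange for TLS


def drown_exposure(services):
    """Return {service name: reason} for services meeting the article's conditions."""
    # Index SSLv2-enabled services by the key they hold.
    sslv2_by_key = defaultdict(list)
    for s in services:
        if s.sslv2:
            sslv2_by_key[s.key_fp].append(s.name)

    findings = {}
    for s in services:
        if not s.rsa_kex:
            continue  # the article's attack requires RSA key exchange
        if s.sslv2:
            findings[s.name] = "supports SSLv2 itself"
            continue
        # Same key on an SSLv2 server elsewhere (e.g. the mail server case).
        others = sorted(n for n in sslv2_by_key.get(s.key_fp, []) if n != s.name)
        if others:
            findings[s.name] = "shares key with SSLv2 service(s): " + ", ".join(others)
    return findings


# Constructed inventory, as it might be assembled from scan and certificate data.
INVENTORY = [
    Service("www.example.test:443", "fp-A", sslv2=False, rsa_kex=True),
    Service("mail.example.test:465", "fp-A", sslv2=True, rsa_kex=True),
    Service("api.example.test:443", "fp-B", sslv2=False, rsa_kex=True),
    Service("legacy.example.test:443", "fp-C", sslv2=True, rsa_kex=True),
    Service("ecdhe.example.test:443", "fp-A", sslv2=False, rsa_kex=False),
]

if __name__ == "__main__":
    for name, reason in drown_exposure(INVENTORY).items():
        print(f"{name}: {reason}")
```

The web server in the sample never speaks SSLv2 yet is still flagged, because its key is also deployed on the SSLv2-enabled mail server.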