Sunday, February 28, 2016

WEP vs WPA vs WPA2

By now, we have already discussed about Wardriving and how wireless networks can be hacked using Wardriving. (The article can be found here : Wardriving ) We also discussed that, it is always a good practice to use an up-to-date encryption for routers if we want to safeguard our wireless networks. And, this is where WEP, WPA and WPA2 comes into picture.

Let's discuss in detail what WEP, WPA and WPA2 basically are, how are they different from each other and which one to go for.


What is the difference between WEP, WPA and WPA2 ?






Let's understand first what WEP, WPA and WPA2 basically are and how they work. Then it would be easier to understand the difference.

What is WEP ?


WEP stands for Wired Equivalent Privacy. WEP is a popular security algorithm for wireless networks and it was designed for providing data confidentiality for wireless networks. Earlier it was widely used and was the first security choice given to Wi-Fi users. But, later it was supersaded by WPA and WPA2.

WEP uses a 64 bit, 128 bit, 152 bit or 256 bit WEP key. It uses stream cipher RC4 for confidentiality. The WEP key is first concatenated with the Initialization Vector and then the whole keystream is XOR'ed with plaintext to get the encrypted value. The diagram looks something like that of given below :






Length of the Initialization Vector normally is 24 bit. This would mean, for a 64 bit WEP, the WEP key length is 40 bit, for 128 bit WEP, the key length is 104 bit and for 256 bit WEP, the key length is 232 bit.

For 64 bit WEP, user normally enters the key as 5 ASCII characters, which is then converted into 5 x 8 = 40 bit WEP key and then the key is concatenated with 24 bit Initialization Vector. The 64 bit keystream is then XOR'ed with the plaintext to get the encrypted value.

Similarly, for 128 bit WEP, user enters 13 ASCII characters and for 256 bit WEP, user enters 29 ASCII characters.


WEP uses mainly two types of authentication : Open System Authentication and Shared Key Authentication.

For Open System Authentication effectively no authentication occurs. The user rather provides WEP keys to encrypt data frames.

For Shared Key Authentication typically the steps below are followed for authentication :

  • The client sends authentication request to Access Point.
  • The Access Point responds with a cleartext challenge.
  • The client encrypts the challenge text with WEP keys and sends it back.
  • The Access Point decrypts the response and on successful verification authentication happens.


It may seem that Shared Key Authentication is a better option, as Open System Authentication effectively offers no authentication. But, rather the opposite is true. In case of Shared Key Authentication, challenge frames can be captured at the time of authentication and from that keystream can be derived. So, it is advisable to opt for Open System Authentication.


How secure is WEP ?


WEP is proved to be a weaker algorithm. Inspite of using increased key size and revised algorithms, several security flaws were found in WEP. WEP is highly vulnerable and it is strongly advisable to upgrade systems to WPA or WPA2 for security.


What are WPA and WPA2 ?


WPA and WPA2 stands for Wi-Fi Protected Access and Wi-Fi Protected Access II. These are two security protocols developed by Wi-Fi Alliance. (Wi-Fi Alliance is a non-profit organization that promotes Wi-Fi technology and certifies Wi-Fi products after they conform to certain standards of interoperability). WPA and WPA2 was defined in response to security holes found in WPA and WPA2.


WEP uses fixed WEP keys entered by users at the Access Points to encrypt the data packets. But, WPA uses Temporal Key Integrity Protocol or TKIP for encryption. It dynamically generates a 128 bit key for each packet and the key keeps changing for each packet. As a result, WPA does not have the security vulnerability that WEP previously had.

WEP uses CRC or Cyclic Redundancy Check to ensure data integrity. But, the problem with CRC is it fails to provide sufficient data integrity guarantee. In WPA, CRC is replaced with a message integrity check algorithm called Michael. Michael is a much stronger algorithm than CRC, though not as strong as the algorithm used in WPA2.


WPA2 is designed to replace WPA. WPA2 includes AES based encryption mode with strong security. WPA2 is able to provide even more strict security than WPA.


How secure are WPA and WPA2 ?


As discussed earlier, WPA and WPA2 are designed in response to the security vulnerabilities found in WEP. So, both of them are more secure than WEP. In fact, use of WEP is deprectaed and all devices should be upgraded from using WEP.

If we compare WPA and WPA2, WPA2 uses algorithm stronger than WPA. And it ensures even more better security than WPA.


So, in short, among WEP, WPA and WPA2, use of WEP is deprecated. One should instead go for either WPA and WPA2. And, if we compare WPA and WPA2, WPA2 is the most secure. Hope this helps.




Tuesday, February 23, 2016

What is BlueBump Attack ?

BlueBump Attack is an attack in which the attacker first connects to the Bluetooth device of the victim and exploits that to delete the link key of the victim's device and gets unlimited access to the device thereafter.





What is a link key ?


To provide secure communication of data, Bluetooth provides us the functionality of authentication. Whenever a Bluetooth device wants to pair with another Bluetooth device, both of them have to provide a PIN. After that, a verification process starts and if the other device is successfully authenticated, a connection is established.

When a device A wants to communicate with device B, both the devices enter a PIN. A 128 bit long link key is then generated from the entered PIN. Device A then sends a 128 bit random challenge to device B, which wants to connect to device A. Device B then uses its 48 bit address or BD_ADDR, link key and the random challenge as inputs and applies E1 algorithm to calculate the response to the random challenge. Device B then sends the response to device A. Device A verifies the response and on successful verification, it establishes connection to device B.


How is BlueBump Attack perpetrated ?


BlueBump Attack is named after the technique of key bumping. The attacker establishes a connection to the victim's device and then exploits that to connect to the same device at any time like a bump key.

Attackers typically follow a couple of steps to perpetrate a BlueBump Attack :

  • The attacker uses social engineering and forces the victim's device to open a Bluetooth connection with the attacker's device. For example, the attacker may send a business card to the victim and trick the victim's device to establish a connection with the attacker's device.
  • The attacker keeps the connection open and tricks the victim's device to delete its link key.
  • The attacker now requests the victim's device for a link key regeneration.
  • On doing so, the victim's device unknowingly gives unlimited access to the attacker's device. The attacker can now exploit it to connect to the victim's device at any time as long as the link key is not deleted again.


How to prevent BlueBump Attack ?


We can at least take a couple of steps to safeguard our Bluetooth devices from attacks.

  • Turn off the Bluetooth in the devices when not in use.
  • Configure the Bluetooth device to use the lowest power that meets your needs. For example, Class 3 devices transmit at 1 mW which cannot communicate beyond 10 meters. And, Class 1 devices transmit at 100 mW, which cannot communicate beyong 100 meters. Adjusting power does not eliminate the possibility of outsider attack, but it can reduce the possibility to a great extent.
  • Do not permanently store the pairing PIN code on Bluetooth devices.



So, beware of various vulnerabilities of Bluetooth so that you can protect your devices in a better way and stay safe, stay secured.




Read More

What is BlueSnarfing ?

What is BlueBugging ?

What is BlueSniping ?

What is BlueSmack Attack ?

What is BlueDump ?

What is BluePrinting ?

What is BlueJacking ?

Sunday, February 21, 2016

What is BluePrinting ?



BluePrinting is a method for finding out details about remote Bluetooth devices and then exploiting the information later to hack those devices for illegitimate purposes.


How is BluePrinting perpetrated ?


There are a number of software available for perpetrating BluePrinting. Attackers first find out the BD_ADDR of a nearby Bluetooth device and then use those available tools to find out information on manufacturers, model and firmware version of the particular Bluetooth device.









BD_ADDR of a Bluetooth device is a unique address for each Bluetooth device which consists of 6 bytes. This address is normally hardcoded in the chipset of the device. The first three bytes of the BD_ADDR refers to the manufacturer of the chipset, using which the attacker can extract information on the manufacturer of the Bluetooth device.

And, every Bluetooth device uses a protocol named Service Discovery Protocol to service other Bluetooth enabled devices. If a remote device sends a query, an SDP record is sent which contains information on how to access the service of the Bluetooth device. Attackers can exploit this method to send query to the victim's Bluetooth device and derive information on the model of the device.

And once the attackers get enough information on the manufacturer and model of the Bluetooth device, they use it to find out whether that particular Bluetooth device has any known security vulnerabilities, which they can later use to perpatrate the actual attacks.


How to prevent BluePrinting ?


We can take a couple of steps to safeguard our Bluetooth devices from the attackers.

  • Turn off the Bluetooth in the devices when not in use.
  • Configure the Bluetooth device to use the lowest power that meets your needs. For example, Class 3 devices transmit at 1 mW which cannot communicate beyond 10 meters. And, Class 1 devices transmit at 100 mW, which cannot communicate beyond 100 meters. Adjusting power does not eliminate the possibility of outsider attack, but it can reduce the possibility to a great extent.
  • Do not permanently store the pairing PIN code on Bluetooth devices.



So, beware of various security vulnerabilities of your Bluetooth devices so that you can protect your devices in a better way and stay safe, stay secured.




Read More

What is BlueSnarfing ?

What is BlueBugging ?

What is BlueSniping ?

What is BlueSmack Attack ?

What is BlueDump ?

What is BlueJacking ?

What is BlueBump Attack ?

Monday, February 15, 2016

MAC Address Spoofing for Bluetooth



All network interfaces that communicate with the network have a unique identifier and so do Bluetooth. And, similar to other network devices, attackers can spoof the MAC address of Bluetooth devices also.

Let's understand more on MAC address and MAC Address Spoofing of Bluetooth devices.






Bluetooth MAC Address

Bluetooth MAC address is a 48-bit long unique identifier that uniquely identifies each Bluetooth device.

Out of this 48 bit Bluetooth MAC Address, 24 bit is a company identifier, which is unique to the manufacturer. Each vendor registers and obtains a MAC prefixes assigned by the IEEE. A vendor may get more than one MAC prefixes also, each one used for different products.



And the rest 24 bit is a company assigned identifier which is assigned by the manufacturer. Each vendor assigns a unique 24 bit suffix for each Bluetooth device. Different vendors may assign same 24 bit suffix for different Bluetooth device, but that does not create problems as the 48 bit MAC addresses altogether remain different.


How do I get MAC Address of my Bluetooth device

You can find out the MAC Address of your Bluetooth device from the device itself. You can go to settings of your device and select Bluetooth, it would show the MAC Address of the Bluetooth device.



Why MAC Address Spoofing

MAC Address Spoofing is changing the MAC Address of the device to some other value.

MAC Address Spoofing is done for various reasons. Security experts do this for Penetration testing.

Attackers spoof MAC Addresses mainly for stealing sensitive data from the device. They change the MAC address of their device to that of the victim's device. As a result, data meant for the victim reaches the attackers first. They intercept the data and then may forward it to the victim's device so that it remains undetected.



How is MAC Address Spoofing done for Bluetooth Devices

There are a number of software available for spoofing MAC Address. One such tool is spooftooph. This is used in Linux to automate spoofing or cloning of Bluetooth devices.


NAME
spooftooph

SYNOPSIS
spooftooph -i dev [-mstu] [-nac]|[-R]|[-r file] [-w file]

DESCRIPTION
-a <address> : Specify new BD_ADDR
-b <num_lines> : Number of Bluetooth profiles to display per page
-B : Disable banner for smaller screens (like phones)
-c <class> : Specify new CLASS
-h : Help
-i <dev> : Specify interface
-m : Specify multiple interfaces during selection
-n <name> : Specify new NAME
-r <file> : Read in CSV logfile
-R : Assign random NAME, CLASS, and ADDR
-s : Scan for devices in local area
-t <time> : Time interval to clone device in range
-u : USB delay. Interactive delay for reinitializing interface
-w <file> : Write to CSV logfile
(Useful in Virtualized environment when USB must be passed through.)



For example :

spooftooph -i hci1 -a 00602560AA43

This will use the Bluetooth interface hci1 to spoof itself as the device having MAC Address 00602560AA43.



spooftooph -i hci1 -R -w outputfile

This will use the interface hci1 and assign random MAC address to itself. The results will be stored in the CSV logfile outputfile.

Similarly, -r option is used for reading in the CSV logfile.



spooftooph -i hci1 -s

This will scan for Bluetooth devices in the local area within the range.



So, this article was to inform you about MAC Address Spoofing of Bluetooth devices. Hope it has helped.

Sunday, February 14, 2016

What is Car Whisperer ?





What is Car Whisperer ?


Car Whisperer is a hacking technique which can be used by attackers to hack handsfree Bluetooth in-car system and connect it to a Linux system to inject audio to or record audio from a bypassing car. Car Whisperer can easily be used by the attackers to invade privacy and listen to conversation inside a car and exploit that to illegitimate purposes.

Who found Car Whisperer ?


Car Whisperer was found by a group of European wireless security experts called Trifinite Group in 2005. This software was developed by Trifinite Group as a proof of concept to illustrate the vulnerabilities of handsfree Bluetooth in-car system.


How is Car Whisperer Attack perpetrated ?


Car Whisperer software takes advantage of the fact that most of the handsfree in-car Bluetooth systems need a simple four-digit security key, which in most cases is '0000' or '1234'. Many car manufacturers use the same security key for all their Bluetooth systems and this security key is enough for granting permission of accessing the devices. And, this results in the vulnerability using which Car Whisperer Attack can be perpetrated.

To perpetrate Car Whisperer Attack, the attacker needs a Linux laptop and a few easily available hardware like directional antenna.

Normally, the range of Bluetooth is limited to few meters only. But, there is a technique called Bluesniping which can be used by the attackers to track a Bluetooth system up to a mile distance, using a specialized hardware called BlueSniping Gun. This BlueSniping Gun can easily be made with a few hardware pieces like Folding Stock, Yagi Antenna and Linux powered embedded PC. You can find more information on Bluesniping here : Bluesniping.


Using this specialized hardware, the attacker can hack the Bluetooth system in the car and connect it with a Linux laptop. After that, they can inject audio to the system or record conversation within the car.


Purpose of Car Whisperer Attack


As discussed earlier, Car Whisperer Attack can be perpetrated by the attackers to invade privacy and record conversation inside the car or inject audio into the in-car Bluetooth system.

Till now, experts could not confirm whether Car Whisperer Attack can be used to do even more nefarious activities like disabling airbags or brakes. But, experts do believe that there can be other implications of this attack.


How to prevent Car Whisperer Attack ?


The first option that we can think of preventing the attack is not to use same pre-specified security code to all the cars. Without knowing the security code, attackers cannot connect to the in-car Bluetooth system.

There is also another way to prevent this attack. You can keep your Bluetooth phone connected to the in-car Bluetooth device. Normally, the in-car Bluetooth device can connect to only one device at a time. So, if you keep your Bluetooth phone connected to the in-car Bluetooth device while you are inside the car, it would not be possible for the attacker to hack and connect to the in-car Bluetooth system.



So, beware of various vulnerabilities so that you can protect your devices in a better way. And, stay safe, stay protected.

Friday, February 12, 2016

What is BlueDump ?

BlueDump is an attack in which the attacker tricks a Bluetooth device to abandon its link key and pair with the attacker's Bluetooth device, resulting in illegitimate activities of the attacker.

Let's understand in detail what it actually is.








Bluetooth Authentication


To provide secure communication of data, Bluetooth provides us the functionality of authentication. Whenever a Bluetooth device wants to pair with another Bluetooth device, both of them have to provide a PIN. After that, a verification process starts and if the other device is successfully authenticated, a connection is established.

So, here is how the authentication works :

  • Let's say, device B wants to connect with device A and so device B has to authenticate itself to the other device B.
  • To initiate a connection, users of both the devices enter a PIN, which can be of maximum length of 16 octets.
  • A 128 bit link key is generated using the PIN code entered.
  • Device B, which wants to connect to device A, sends its 48 bit address or BD_ADDR.
  • Device A, which wants to authenticate device B, sends a 128 bit random challenge to device B.
  • Device B uses its link key, BD_ADDR and the random challenge as inputs and computes the authentication response using E1 algorithm.
  • Device B sends the authentication response thus computed to device A.
  • Device A also uses the same inputs as device B and computes the expected authentication response using the same E1 algorithm.
  • If the authentication response sent by device B matches with that of the expected authentication response computed by device A, device B is successfully authenticated.
  • Now both device A and device B can go ahead with pairing.


What is BlueDump Attack ?


Though normally authentication follows the steps mentioned above, but there are a few cases where the Bluetooth devices do not always enter a PIN for verification. For example, if a user wants to automate the pairing of two devices using a script, he can change the settings and enable the devices to pair without entering a PIN. In BlueDump Attack, the attacker exploits this functionality.


Suppose device A and device B are two devices which can be paired using authentication. In BlueDump Attack, the attacker spoofs the BD_ADDR of device B and connects to device A.

Device A as usual requests for authentication. But, the attacker does not have the PIN and link key.

So, the attacker responds with a HCI_Link_Key_Request_Negative_Reply to device A.

HCI_Link_Key_Request_Negative_Reply is a Link Control Command and it is used to indicate no link key is associated with the device.

As a result, in most of the cases device A abandons its link key and goes ahead with pairing with the attacker's device.

Now, the attacker can exploit this pairing for illegitimate purposes.


How to prevent BlueDump Attack ?


  • Turn off the Bluetooth in the devices when not in use.
  • Configure the Bluetooth device to use the lowest power that meets your needs. For example, Class 3 devices transmit at 1 mW which cannot communicate beyond 10 meters. And, Class 1 devices transmit at 100 mW, which cannot communicate beyong 100 meters. Adjusting power does not eliminate the possibility of outsider attack, but it can reduce the possibility to a great extent.
  • Do not permanently store the pairing PIN code on Bluetooth devices.



So, beware of various vulnerabilities of Bluetooth so that you can protect your devices in a better way and stay safe, stay secured.




Read More

What is BlueSnarfing ?

What is BlueBugging ?

What is BlueSniping ?

What is BlueSmack Attack ?

What is BlueJacking ?

What is BluePrinting ?

What is BlueBump Attack ?

Thursday, February 11, 2016

What is a BlueSmack Attack ?

BlueSmack Attack is an example of Denial of Service Attack for Bluetooth enabled devices. It works like Ping of Death. It uses L2CAP layer to transfer an oversized packet to Bluetooth enabled devices, resulting in a Denial of Service attack.






What is L2CAP ?


To understand L2CAP, we need to know a little bit about Bluetooth protocol stack.

Bluetooth services actually use a protocol stack, which just for ease of understanding can be compared to OSI model of network protocol stack. This Bluetooth protocol stack consists of the following main layers :

  • SDP
  • LMP
  • L2CAP
  • RFCOMM
  • TCS






SDPSDP or Service Discovery Protocol is responsible for detecting services provided by other Bluetooth enabled devices. A Bluetooth enabled device keeps track of presence of other Bluetooth enabled devices within its operating range using this protocol.

LMP – LMP or Link Managing Protocol is responsible for keeping track of connected devices. A Bluetooth enabled device pairs with other Bluetooth enabled devices using this protocol.

L2CAP – L2CAP or Logical Link Control and Adaption Protocol provides connectionless and connection-oriented data services to the upper layers of the Bluetooth stack.

RFCOMM – RFCOMM or Radio Frequency Communication protocol uses L2CAP protocol and is responsible for providing emulated serial ports to other devices. A Bluetooth enabled device can simultaneously connect upto 60 other Bluetooth enabled devices because of RFCOMM protocol.

TCS – TCS or Telephony Control Protocol uses L2CAP protocol and provides the functionality of controlling of telephony applications.


What is BlueSmack Attack ?


In L2CAP protocol, there is a possibility of requesting and receiving echo from other Bluetooth enabled peer. This is done through L2CAP ping. This L2CAP ping helps in checking connectivity and roundtrip time of established connections with other Bluetooth enabled devices.

Every device has a limit on the size of the L2CAP ping. If it gets a L2CAP ping packet which is beyond the limit of the size, it will crash. And, in BlueSmack Attack, the attacker does exactly that.


How do attackers perpetrate BlueSmack Attack ?


BlueSmack Attack can be perpetrated with standard tools that ship with the official Linux Bluez utils package.

The l2ping, that ships with the standard distribution of the BlueZ utils, allows the user to specify the packet length of the l2ping using -s <number> option. Many devices start reacting with packet size starting from 600 bytes.


How to prevent BlueSmack Attack ?



  • Turn off the Bluetooth in the devices when not in use.
  • Configure the Bluetooth device to use the lowest power that meets your needs. For example, Class 3 devices transmit at 1 mW which cannot communicate beyond 10 meters. And, Class 1 devices transmit at 100 mW, which cannot communicate beyong 100 meters. Adjusting power does not eliminate the possibility of outsider attack, but it can reduce the possibility to a great extent.
  • Do not permanently store the pairing PIN code on Bluetooth devices.



Read More

What is BlueSnarfing ?

What is BlueBugging ?

What is BlueSniping ?

What is BlueJacking ?

What is BlueDump ?

What is BluePrinting ?

What is BlueBump Attack ?

What is a Cabir Worm ?



Cabir Worm is the first computer worm that was designed to infect mobile phones. It was first found in 2004 and at that time it affected many mobile phones with Symbian OS. It is also known as Caribe Worm.







Who developed Cabir Worm

Experts believe that Cabir Worm was first developed by a group of international hackers called 29A. They wanted to prove that mobile phones are also vulnerable to malware. And so they developed this worm to catch world attention.



Infection and Spread of Cabir Worm

The victim first receives a file named caribe.sis in phone messaging inbox. If the victim cannot understand the risk and opens the file and chooses to install it, Cabir Worm infects the mobile.

Immediately after installation, Cabir Worm gets activated and before the victim can understand the effects, it starts replicating it and infects other mobiles exploiting Bluetooth. Experts say, the worm starts infecting other mobiles over Bluetooth even before the victim realizes it and disables his own Bluetooth.

After infecting a mobile, Cabir Worm writes the word “Caribe” on the screen of the mobile and it gets activated automatically every time the mobile is turned on.

There is another version of Cabir Worm which is capable to replicate itself not only via Bluetooth, but also using MMS. It is called Mabir Worm.



How harmful is Cabir Worm

Cabir Worm was first designed with the purpose of demonstrating vulnerabilities of mobile phones. Reportedly it does not cause much harm other than showing the message “Caribe” on the screen.

But, once it starts replicating, it searches for other mobile phones exploiting the Bluetooth connections. As a result, the battery of the mobile drains out very fast.



Mitigation of Cabir Worm

Immediately after Cabir Worm was found, patches were released to mitigate the worm. F-Secure developed a security patch to detect Cabir Worm and delete worm components from related directories.



Significance of Cabir Worm


Cabir Worm has a lots of significance in security of mobile phones. This worm demonstrated that mobile phones are also not safe from malware. And, it was a wake up call for all security experts.

Monday, February 8, 2016

What is a CRIME Attack ?



A CRIME Attack or Compression Ratio Info-leak Made Easy Attack is an attack in which the attacker manages to decrypt the HTTPS cookie placed in a computer of a user and exploit that to impersonate the user in a web application and steals sensitive data thereafter. This attack is possible for HTTPS connections that also use data compression feature of SSL/TLS.






The attack was first found by two security researchers Juliano Rizzo and Thai Duong.

Let's understand what that attack is actually.



CRIME Attack

HTTPS protocol internally uses SSL/TLS. When two hosts connect to each other using HTTPS protocol, a TLS connection is first established and then the data is transferred in encrypted fashion. So, it is very difficult for an eavesdropper to listen to the conversation and get sensitive information.


On the other hand, when a user logs in to a web application, authentication information is stored in a cookie inside the user's computer. So, after authentication, if the user's browser makes any HTTPS request to the web application, the authentication information stored in the cookie is used.

If an attacker has access to the authentication cookie, he can impersonate the victim to log in to his account in the web application. But, normally it is very difficult for the attacker to access this authentication cookie. Moreover, in HTTPS connection, the cookie is compressed using lossless data compression algorithm and then encrypted and is sent. So, the attacker cannot get the value of the cookie by mere eavesdropping.

In CRIME Attack, the attacker sends several HTTPS requests to the web application with a cookie value which is appended with a few random characters over the actual cookie of the victim. And, listens to the conversation to get the compressed and encrypted value of the cookie. After that, the attacker analyzes the results to get the actual value of the cookie.

To understand further, we need to know a little bit about the lossless compression algorithm that is used in the HTTPS connections.


Let's suupose, the value of the cookie is :

BBBBACDE

After compression, the value of the cookie would be :

4BACDE

At this point, if we prepend the data with one more A, the cookie and its compressed value would be :

ABBBBACDE

A4BACDE

But, if we prepend the value with a B, the cookie and its compressed value would be :

BBBBBACDE

5BACDE


So, if we prepend the data with a B, the compressed value will be less than the compressed value of the data when we prepend it with an A. Thus we have come to know the first part of the data, which is a B. Next, we can prepend the original data with BA, BB and so on and find out that the rest of the data.

So, if someone prepends the data with some carefully chosen values and observes the length of the compressed values, he will be able to guess the whole data. This is true even after the data is encrypted after compression. If someone prepends the original data with random data and observes the length of the compressed and encrypted data, the same relationship will hold.


Now, in a CRIME attack, the attacker first uses some social engineering to trick the victim to click on a link. He may send the victim an email saying, Look at some interesting pictures ! The link actually points to a malicious script of the attacker's website.

When a victim clicks on the link when he is already authenticated to the web application, the malicious script will run and it will send several HTTPS request to the web application using the authentication cookie of the victim, prepended with some random bytes.

At this point, if the attacker is on same wireless networks as that of the victim or is controlling the router of the victim or is in same local networks as that of the victim, the attacker can now listen to the conversation and observe the length of the compressed and encrypted cookie with each HTTPS requests.

As explained above, because of the property of the compression algorithm used in HTTPS connections, the attacker can analyze those values and derive the value of the authentication cookie.

The attacker can now easily impersonate the victim and login to the victim's account in the web application to steal his sensitive data like credit card numbers, social security numbers, passwords etc.



Mitigation

  • One way of dealing with CRIME attack is to disable compression mechanism in HTTPS requests.
  • TLS connections should use Cipher Chaining Block or CBC ciphers. This will reduce the relationship of encrypted data with the plaintext data, thereby making it much difficult for the attackers to analyze the encrypted data and deduce the actual value of data.
  • Cross Site Request Forgery or CSRF Attacks must be prevented efficiently. Because the attacker first injects his malicious script to make several HTTPS requests using CSRF attacks only.
  • Browsers should be upgraded with recent security patches.



So, beware of various security vulnerabilities, so that you can protect your data in a better way and stay safe, stay secured.

Saturday, February 6, 2016

What is BREACH Attack ?



In 2013, a new attack named BREACH Attack or Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext caught our attention. It affected many of our lives by stealing sensitive data transferred over the internet, even when SSL/TLS is used.

Let's understand what this BREACH Attack is actually and how the attackers perpetrate this attack.







BREACH Attack

When our browsers request for a webpage, the webpage is normally first compressed and then sent over to the browsers. This is done to utilize the bandwidth in a better way. Similarly, when we send any data through a webpage, the content is first compressed and then sent over to the server. We use HTTP compression for this purpose.

When we use SSL/TLS to send sensitive data to a server, the data is first encrypted and then sent over to the server. In case of HTTP Compression, content is first compressed and then sent over to the server.

In BREACH Attack, an attacker analyzes the responses of various responses to a victim authenticated to a web application and finds out sensitive data pertaining to the victim. That is, the attacker
sends several requests to the server impersonating the victim and looks at the responses, that is the length of the compresed contents. On analyzing the lengths of responses of various requests, the attacker finds out sensitive data of the victim.


How BREACH Attack Works

When we use HTTP compression on the webpages, the length of the compressed contents is less than that of the actual content. But, the actual length of the compressed depends much on the sensitive data pertainig to the user.

For example, study says, if a user authenticates to an ecommerce website and searches with some text in the search bar, the length of the compressed webpage will be minimum when the search text will match with the username or credit card number of the user.

So, if a user has a credit card number 123456 and he searches with various texts in the search bar of the website, the length of the compressed webpae will be minimum when the user will search with 123456.

And, this is the technique the attackers exploit to find out sensitive data of the user.


How is BREACH Attack perpetrated

To perpetrate BREACH Attack, the attacker first uses social engineering to trick the victim to click on a link. For example, the attacker may send an email to the victim saying “See some interesting pictures !” The link actually points to a script that exploits the authentication cookies stored in the victim's computer and sends the server several requests of searching with texts in the searchbar.

For example, if a victim cclicks on the link when he is already authenticated to the web application, the script will use brute force approach and send the server several requests which will search in the searchbar with texts, say from 123456 to 999999.

The attacker can now observe the length of contents of each response, and the response with minimum compressed length will contain the victim's credit card number.


Mitigation

Turning off HTTP compression looks a simple solution. But, this is difficult to implement as almost all browsers rely on it heavily to effectively manage the bandwidth and transmission speed.

The other possible approaches could be :

  • Protect vulnerable pages with CSRF token, which will make sure that a request coming from a browser is indeed a request sent by the user.
  • Add some random bytes to the compressed content so that all compressed webpages are of same length.
  • We can seperate sensitive data of a user from the webpages where some input text is displayed.



So, beware of various vulnerabilities so that you can protect your sensitive data in a better way and stay safe, stay secured.

Friday, February 5, 2016

What is FREAK Attack ?



How does FREAK Attack affect us

Normally, we use HTTP Protocol to browse the internet and visit a website. When we type a URL in the browser, an HTTP request goes to the server and the server responds with appropriate HTML page.






If we think about security, HTTP is an unsecured protocol. When data travels between the client and the server, it is unencrypted and as a result, not safe from attacks like Man In The Middle Attack.

But, we need some secure protocol to transfer sensitive data, for example while transferring data for bank transactions etc. And so, HTTPS was developed.

This HTTPS uses SSL/TLS for security. That means, all data transferred between the server and the browser gets encrypted first and then transferred. First, a TLS connection is established between the server and client (browser) and a key is negotiated between them. And then, all data is encrypted with the key and sent over.

FREAK Attack is an attack in which the attacker exploits a vulnerability of SSL/TLS protocol and breaks the encryption to steal sensitive data transferred between the browser and the server.



How is FREAK Attack perpetrated

Many a times SSL/TLS protocol depends on RSA to transfer secret information between the browser and the server. Once upon a time, servers and clients used to use 'export RSA' instead of RSA and that would rely on a 512 bit long weaker export RSA encryption keys. Later, we stopped using 'export RSA', but in many servers and browsers the support for 'export RSA' remained.

FREAK Attack is an attack in which the attacker exploits this opportunity and tricks the browser and the server to use 'export RSA' instead of stronger RSA.

Let's understand how the attack works actually.

  • The browser uses HTTPS, which is HTTP over SSL/TLS and tries to establish a secure connection to the server. For that reason, the browser sends a Client Hello message to the server asking for using standard stronger RSA ciphersuite.
  • The attacker intercepts the conversation and replaces RSA ciphersuite message with 'export RSA'
  • The server does not understand the trick and responds to the client with a 512 bit export RSA key signed with its certificate.
  • The client (browser) also does not understand the trick and accepts 'export RSA'
  • The communication starts using 'export RSA'
  • The client and the server exchanges pre-master secret, that is the secrets on the encryption keys using which the data will be encrypted further.
  • The attacker easily breaks weaker export RSA encryption and gets the secret information.
  • The attacker can now derive the secret keys using which the sensitive data will be encrypted and transferred between the browser and the server.


Mitigation

Good that almost all modern browsers have released security patches against this vulnerability of FREAK Attack. As per the security patches, modern browsers and servers removed the support for 'export RSA' ciphersuite, making our data more secure.



This was an article to give information on FREAK Attack, hope you liked it.