The attack leverages a 13-year-old weakness in the less secure Rivest Cipher 4 (RC4) encryption algorithm, which is the most commonly used stream cipher for protecting 30 percent of TLS traffic on the Internet today.
The attack, dubbed "Bar-Mitzvah", can be carried out even without conducting man-in-the-middle attack (MITM) between the client and the server, as in the case of most of the previous SSL hacks.
Itsik Mantin, a researcher from security firm Imperva, presented his findings in a research titled, "Attacking SSL when using RC4" at the Black Hat Asia security conference Thursday in Singapore.
Bar Mitzvah attack actually exploits the "Invariance Weakness," the weak key pattern used in RC4 keys that can leak plain text data from the encrypted SSL/TLS traffic into the cipher text under certain conditions, potentially exposing account credentials, credit card data, or other sensitive information to hackers.
The Invariance Weakness of RC4 pseudo-random stream allows an attacker to distinguish RC4 streams from randomness and increase the probability to leak sensitive data in plain text.
"The security of RC4 [algorithm] has been questionable for many years, in particular its initialization mechanisms," researchers wrote in a research paper (pdf).
"However, only in recent years has this understanding begun translating into a call to retire RC4. In this research, we follow [researches on 2013 RC4] and show that the impact of the many known vulnerabilities on systems using RC4 is clearly underestimated."
Bar Mitzvah is the first 'practical' attack on SSL that only requires passive sniffing or eavesdropping on SSL/TLS-encrypted connections, rather a man-in-the-middle attack, Mantin says. Though, researcher says MITM attack could be used as well for hijacking a session.
HOW TO PROTECT YOURSELF
While waiting for a "broad-brush retirement of RC4," administrators should consider the following steps to protect themselves from RC4 weaknesses:
- Web application admins should disable RC4 in their applications’ TLS configurations.
- Web users (particularly power users) should disable RC4 in their browser’s TLS configuration.
- Browser providers should consider removing RC4 from their TLS cipher lists.