Despite its age, RC4 (Rivest Cipher 4) is still the most widely used stream cipher, implemented in many popular protocols, including:
- SSL (Secure Socket Layer)
- TLS (Transport Layer Security)
- WEP (Wired Equivalent Privacy)
- WPA (Wi-Fi Protected Access)
- Microsoft’s RDP (Remote Desktop Protocol)
- and many more
However, weaknesses in the algorithm have been found over the years, indicating that RC4 needs to be wiped from the Internet. Yet about 50% of all TLS traffic is currently protected using the RC4 encryption algorithm.
Now the situation has become even worse: two Belgian security researchers have demonstrated a more practical attack against RC4, allowing an attacker to expose encrypted information in a much shorter time than was previously possible.
Attack on RC4 with 94% Accuracy
An attack on RC4 demonstrated in 2013 required more than 2,000 hours to accomplish. A more successful attack, presented in March of this year, focused on password recovery against RC4 in TLS and required about 312 to 776 hours to execute.
A recent paper, "All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS," written by Mathy Vanhoef and Frank Piessens of the University of Leuven in Belgium, demonstrates an attack that allowed them to decrypt cookies encrypted with RC4 within 75 hours with 94 percent accuracy.
"Our work significantly reduces the execution time of performing an attack, and we consider this improvement very worrisome," reads the blog post by the researchers. "Considering there are still biases that are unused, that more efficient algorithms can be implemented, and better traffic generation techniques can be explored, we expect further improvements in the future."
Breaking Wi-Fi Protected Access Temporal Key Integrity Protocol within an Hour
The attack technique could be used by attackers to monitor the connection between a target victim and an HTTPS-protected website, or wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP).
The attack took about 75 hours while transmitting 4,450 Web requests per second, although in attacks against real devices the time required can be brought down to 52 hours.
However, the new attack against WPA-TKIP requires just an hour to execute, allowing an attacker to inject and decrypt arbitrary packets.
More details about the finding will be presented by the researchers at the upcoming USENIX Security Symposium in Washington D.C. For now, the researchers have released a whitepaper with lots of additional details on their attack techniques.