Illustration: Ross Patton/WIRED
The internet is still reeling from the discovery of the Heartbleed vulnerability, a software flaw exposed in April that broke most implementations of the widely used encryption protocol SSL. Now, before Heartbleed has even fully healed, another major bug has ripped off the scab.
On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. The non-profit foundation, whose encryption is used by the majority of the Web’s SSL servers, issued a patch and advised sites that use its software to upgrade immediately.
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allows a “man-in-the-middle” snoop to decrypt and read the traffic.
“This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes,” reads an FAQ published by Kikuchi’s employer, the software firm Lepidum. Ashkan Soltani, a privacy researcher who has been involved in analyzing the Snowden NSA leaks for the NSA and closely tracked SSL’s woes, offers this translation: “Basically, as you and I are establishing a secure connection, an attacker injects a command that fools us to thinking we’re using a ‘private’ password whereas we’re actually using a public one.”
Unlike the Heartbleed flaw, which allowed anyone to directly attack any server using OpenSSL, the attacker exploiting this newly discovered bug would have to be located somewhere between the two computers communicating. But that still leaves open the possibility that anyone from an eavesdropper on your local Starbucks’ network to the NSA to strip away your Web connection’s encryption before it’s even initialized.
According to a blog post by Kikuchi, the flaw has existed since the very first release of OpenSSL in 1998. He argues that despite the widespread dependence on the software and its recent scrutiny following the Heartbleed revelation, OpenSSL’s code still hasn’t received enough attention from security researchers. “The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experiences with TLS/SSL implementation,” he writes. “They could have detected the problem.”
The revelation of the bug on the one-year anniversary of the Guardian’s first publication of Snowden’s NSA leaks adds to that grim lesson, says security researcher Soltani. He points to efforts by privacy groups like Reset The Net that have used the Snowden revelations as inspiration to push Internet users and companies to implement more pervasive encryption. Those efforts are undermined, he points out, by the fact that some of the oldest and most widely used encryption protocols may still have fundamental flaws. “There are huge efforts by companies and activists to deploy tools that ‘add proven security,’” he says, quoting Reset The Net’s website. “Yet there’s very little actual work and support of the underlying tools that are being deployed, like OpenSSL. It’s pretty shameful that the core library that practically the entire internet relies on for transport security is maintained by a handful of under-resourced engineers.”
