Friday 17 July 2015

Researchers Unveil New Attack On RC4 Algorithm



Researchers have demonstrated an attack on the RC4 algorithm that makes it possible to retrieve information, such as cookies, from encrypted connections. RC4 is estimated to account for 30% of the encrypted connections that run over HTTPS. HTTPS supports several algorithms for setting up an encrypted connection. Despite the age of RC4 and the fact that researchers have repeatedly demonstrated attacks on it, it is still very popular.


Researchers Mathy Vanhoef and Frank Piessens of the University of Leuven in Belgium have demonstrated an attack that can decrypt cookies that are normally protected via HTTPS. With these cookies an attacker could then gain access to the account of the target. To carry out the attack, an attacker would need up to 75 hours. Because of this short duration, the attack can also be carried out in practice. During a test with real computers, it was found that the attack could be performed in 52 hours. The first attack that was demonstrated on RC4, two years ago, took more than 2,000 hours.

In order to carry out this attack, an attacker must be positioned between the target and the Internet. The attacker must then wait until the user visits a website via HTTP. Malicious JavaScript can then be added to the unencrypted website. This code makes the computer send encrypted requests containing the user's cookie. By monitoring these encrypted requests, the contents of the cookie can ultimately be determined. According to the researchers, this is the first time that weaknesses in RC4, when used with TLS and HTTPS, have been used in attacks against real computers.

Vanhoef and Piessens have put a research report (pdf) online with the details of their investigation. The research will be presented during the USENIX Security 2015 conference. The problem is not limited to TLS and HTTPS. According to the researchers, any protocol that uses RC4 should be regarded as vulnerable. They managed to gain access within one hour to a Wi-Fi network that was secured with WPA-TKIP; TKIP also uses RC4. As a solution, they advise to stop using RC4.
