A vicious new bug on the Internet has an innocuous name but a nasty potential bite. Meet the Poodle attack, which exploits yet another vulnerability in one of the Internet’s basic security protocols that could theoretically give an attacker access to your sensitive online accounts.
Google researchers on Tuesday published details of a weakness in SSL 3.0—an encryption method, technically known as the Secure Socket Layer, that safeguards the connections your browser makes to secure websites at banks, email providers, social networks and the like. SSL, it just so happens, is also the security protocol the Heartbleed bug exploited (although that problem affected a different SSL version.)
SSL 3.0 is ancient in Web terms; it’s more than 18 years old and has been considered obsolete for the past 15. The Internet being what it is, and server administrators being who they are, SSL 3.0 is still in use here and there across the Web. And while modern browsers use more advanced security methods, a sophisticated attacker can trick them into downgrading to SSL 3.0. If the server you’re connected to is also using SSL 3.0, that could let the same attacker unravel the encryption and extract sensitive data he or she could use to impersonate you.
See also: Why Google Wants To Padlock The Web
Such attacks aren’t easy to pull off, and that makes the latest weakness a cause for concern, though probably not for outright panic. So far, at least.
How Poodle Attacks
Google researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz outlined the (so far hypothetical attack) in a security advisory published on Tuesday. Poodle—which, in case you were curious, stands for “Padding Oracle On Downgraded Legacy Encryption”—basically takes the Internet’s heterogeneity, usually a source of robustness, and turning it into a weapon.
That’s because browsers and Web servers have to agree on the security standard they’ll use before they can begin exchanging sensitive information. If a Web server isn’t set up to use the most current form of encryption, most browsers will agreeably fall back to an older form until they find one the server will accept. But an attacker can actually trigger this “downgrade dance” by interrupting the initial browser-server “handshake” at key moments.
Once the browser and server are communicating using SSL 3.0, a malicious party can go to work breaking the encryption using a previously identified attack called Beast. This requires an attacker to intercept and modify the requests your browser sends to a Web server, which is not exactly trivial. It is, however, possible; Errata Security’s Robert Graham suggests that you might be most at risk on a public network at, say, a Starbucks, where hackers would have relatively free access to your Web connection.
Breaking SSL 3.0 encryption is most likely to yield access to a so-called session cookie—a bit of data your browser uses to remind a site that you are logged in as you. Anyone who can lay hands on your session cookie can then also log into that site as you. As Graham puts it:
Thus, while you are at Starbucks, some hacker next to you will be able to post tweets in your Twitter account and read all your Gmail messages. These are two examples—they really have near complete control over your accounts. They won’t be able to steal your password, however.
So that’s the scary part, although at this point the risk of that actually happening to you seems fairly low.
Taming The Wild Poodle
There is currently no way to patch SSL 3.0 against the Poodle attack, and while there might eventually be a way to secure it, there’s a good chance that any such patch would be incompatible with existing SSL 3.0 servers. So instead, Möller and his colleagues argue that server administrators should disable SSL 3.0 entirely if they can. The Web-security company Cloudflare has done just that for all its customers.
Similarly, modern browsers are also moving to disable SSL 3.0 by default. Google said it will eliminate SSL 3.0 support from its products, including the Chrome browser, “in the coming months.” Mozilla will likewise disable SSL 3.0 in Firefox 34, slated for a November 25 release. Near as I can tell, Microsoft hasn’t yet issued a similar notice about Internet Explorer.
But not all websites are able to kill off SSL 3.0, in part because some older browsers—particularly Internet Explorer 6—rely on it. IE6 may not be quite as old as SSL 3.0, but at 14 years, it’s also pretty ancient. Yet some business and government systems still require it. (They’re apparently a dwindling minority, though; data from Net Applications shows that IE6 accounted for only 3.6% of all desktop browser use in the third quarter.)
So one backup plan involves preventing the “downgrade dance” that makes the Poodle attack possible. That patch, called TLS_FALLBACK_SCSV, basically forces the browser to inform the server when it offers a weaker security protocol, as it might during a “downgrade dance” attack. That allows the server to reject the connection.
Unfortunately, the TLS_FALLBACK_SCSV workaround is only effective when both browsers and servers have been patched. As we’ve seen in previous vulnerabilities, that can take a long time across the big, wide Internet.
Protecting Yourself Against Poodle
There are a few things you can do to protect yourself against Poodle attack. For starters, if you can’t wait for your browser to disable SSL 3.0, you can turn it off yourself:
- In Chrome, you’ll have to issue the command-line flag –ssl-version-min=tls1, though doing that isn’t completely straightforward. Instructions for Windows, Mac, Linux and Chrome OS are here.
- In Firefox, enter about:config in the browser bar, then scroll down until you find the security.tls.version.min parameter. Double-click on it and enter “1” in the popup window.
- In Internet Explorer, open Tools->Internet options and click on the “Advanced” tab. Scroll down and uncheck “Use SSL 3.0.”
It’s possible that doing this will break some of your Internet services, although the odds of that seem low unless you’re trapped using some custom-built site that never updated.
One other tip: If you’re online on a public Wi-Fi network, use a VPN to encrypt your connection. That should frustrate most would-be hackers unless you’ve landed on an NSA watchlist. If you aren’t signed up with a VPN service, you can always set up a home VPN network you can access from anywhere.
Photo by Greg Westfall (who notes that Scarlett is actually smiling in this picture)