Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

New Raccoon Attack Can Allow Decryption of TLS Connections

Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications.

Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications.

Named “Raccoon,” the attack has been described as complex and the vulnerability is “very hard to exploit.” While most users should probably not be concerned about Raccoon, several major software vendors have released patches and mitigations to protect customers.

Raccoon can allow a man-in-the-middle (MitM) attacker to crack encrypted communications that could contain sensitive information. However, the attack is only successful if the targeted server reuses public Diffie-Hellman (DH) keys in the TLS handshake (i.e. the server uses static or ephemeral cipher suites such as TLS-DH or TLS-DHE), and if the attacker can conduct precise timing measurements.Raccoon Attack

“The attacker needs particular circumstances for the Raccoon attack to work,” the researchers wrote on a website dedicated to the Raccoon attack. “He needs to be close to the target server to perform high precision timing measurements. He needs the victim connection to use DH(E) and the server to reuse ephemeral keys. And finally, the attacker needs to observe the original connection.”

“For a real attacker, this is a lot to ask for. However, in comparison to what an attacker would need to do to break modern cryptographic primitives like AES, the attack does not look complex anymore. But still, a real-world attacker will probably use other attack vectors that are simpler and more reliable than this attack,” they explained.

The underlying vulnerability has existed for over 20 years, and it was fixed with the release of TLS 1.3.

Since this is a server-side vulnerability, there isn’t anything that clients can do to prevent attacks, except for ensuring that their web browsers don’t use the problematic cipher suites — the most popular web browsers no longer use them.

On the other hand, the researchers have pointed out that the timing measurements may not be necessary to launch an attack if there is a certain type of bug in the targeted software. One example is F5 Networks’ BIG-IP application delivery controller (ADC).

F5 Networks, which tracks the flaw as CVE-2020-5929, has released a patch. Mozilla has assigned the vulnerability CVE-2020-12413 and disabled the DH and DHE ciphers in Firefox 78, but this move was planned before the Raccoon attack was discovered.

Advertisement. Scroll to continue reading.

Microsoft has released an update for Windows to address the vulnerability, and OpenSSL, which has assigned the issue a low severity rating, has published an advisory describing impact and mitigations.

However, even if the timing requirements are bypassed, a server still needs to reuse DH keys for the attack to work. An analysis conducted by the researchers showed that over 3.3% of the servers hosting the Alexa top 100,000 websites reuse keys.

Additional details on the Raccoon attack are available on raccoon-attack.com. The researchers also plan on releasing a tool that can be used to check if a server is vulnerable. In the meantime, they recommend Qualys’ SSL Server Test — a server could be affected if the result of “DH public server param (Ys) reuse” is “yes.”

Related: Stack Ranking SSL Vulnerabilities: The ROBOT Attack

Related: Avast AntiTrack Flaw Allows MitM Attacks on HTTPS Traffic

Related: TLS Communications Exposed to KCI Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...