CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



RC4 Attacks Increasingly Practical, Feasible: Researchers

Researchers Exploit RC4 Flaws in NOMORE Attacks Against Real Devices

Researchers have demonstrated that attacks against the RC4 cryptographic algorithm are becoming more practical and feasible than ever.

Researchers Exploit RC4 Flaws in NOMORE Attacks Against Real Devices

Researchers have demonstrated that attacks against the RC4 cryptographic algorithm are becoming more practical and feasible than ever.

Despite being very old, RC4 is still one of the most widely used stream ciphers. Experts estimate that RC4 is used 30 percent of the time to secure Transport Layer Security (TLS) connections.

Security experts have often warned that the RC4 encryption algorithm is weak, but the attack methods presented up until now were not very practical.

An attack presented in 2013 took over 2,000 hours to complete. A somewhat more successful method, presented in March 2015, focused on password recovery attacks against RC4 in TLS. This attack still required between 312 and 776 hours to execute.

Now, Mathy Vanhoef and Frank Piessens of the University of Leuven in Belgium have demonstrated that an attacker could decrypt a web cookie protected by the HTTPS protocol within 75 hours. The attack method, which relies on a combination of the Fluhrer-McGrew and Mantin’s ABSAB statistical biases, has been dubbed “NOMORE” (Numerous Occurrence MOnitoring & Recovery Exploit).

In experiments that involved real devices, researchers managed to perform a plaintext recovery attack against the TLS protocol in just 52 hours. Vanhoef and Piessens said this was the first time anyone exploited vulnerabilities in RC4, when used in TLS, in attacks targeting real devices.

In the attack described by the experts, a man-in-the-middle (MitM) attacker intercepts the target’s connection to the server, and injects malicious JavaScript code designed to get the victim machine to transmit encrypted requests containing the victim’s web cookie. By capturing a large number of such requests, the attacker can recover likely cookie values and test them until the right one is found.

Advertisement. Scroll to continue reading.

According to experts, a 16-character cookie can be decrypted with a success rate of 94 percent by capturing roughly 9⋅227 requests. Since the attacker can get the targeted machine to send out 4,450 requests per second, the number of requests needed to decrypt the web cookie is obtained in approximately 75 hours. The list of obtained cookies can be tested in under 7 minutes.

“Generating these requests can even be spread out over time: they do not have to be captured all at once,” the researchers explained.

Cookies are used by websites to identify users and authorize their actions. This means that an attacker in possession of a user’s cookie can log in to their account and perform actions on their behalf.

Experts have pointed out that the NOMORE attack can be leveraged to recover any type of information that is repeatedly encrypted. A research paper Vanhoef and Piessens will present at the USENIX Security Symposium in Washington, D.C. next month also details the application of this attack method against WPA-TKIP (Wi-Fi Protected Access – Temporal Key Integrity Protocol).

WPA-TKIP, a security protocol used in the IEEE 802.11 wireless networking standard, was designed as an interim solution to replace WEP. Despite being outdated, the protocol is still allowed and supported on many protected networks.

Experts have managed to break a WPA-TKIP network within an hour by generating a large number of identical packets. Once the attack against the network is successfully executed, the attacker can decrypt and inject arbitrary packets sent to a client.

As for countermeasures, the researchers said “the only good countermeasure is to stop using RC4.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.