Vulnerability in SSL encryption is barely exploitable

Researchers have discovered that, where data sent over an encrypted HTTPS connection has undergone prior compression, the door is opened to attackers who, by modifying the data traffic in a targeted manner, are then able to crack the encryption. Compression is supported by almost half of all web servers, including the servers at many prominent organisations such as Google and Twitter. Browser makers have, however, already reacted by disabling the additional functions which enable the vulnerability.

Security researchers Juliano Rizzo and Thai Duong had originally been planning to present a detailed view of their new attack, code-named CRIME, next week, but all of their cards are now on the table. CRIME is based on a problem that John Kelsey of Certicom described back in 2002 in a paper entitled Compression and Information Leakage of Plaintext. When a server and client use TLS deflate compression or the more recent SPDY protocol, a man-in-the-middle attacker can extract session cookies and use these to compromise an encrypted session. The researchers have demonstrated their technique in a video using targets including Dropbox and GitHub. A simpler proof of concept had been previously published.

Demo of the CRIME attack on web sites including Dropbox and Github

But all is not as bad as it seems. As Ivan Ristic of Qualsys explains in his excellent analysis of the problem, only Chrome properly supports TLS compression and the Chrome development team has already disabled it in the latest version. The more recent SPDY is supported by Firefox and Chrome and the majority of browsers, but is, according to Qualsys only supported by 0.8 per cent of web sites. Internet Explorer, Opera and Safari users can, for once, put their feet up and relax – their browsers do not support such fripperies. Smartphone browsers and other services that use TLS for encryption could, however, prove problematic.

(djwm)