copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


Beware of the BEAST: New Attack Against TLS

Date: 21 September 2011

Click here for printable version

Two security researchers are planning to present proof-of-concept code, which they've nick-named BEAST, or Browser Exploit Against SSL/TLS, at the Ekoparty security conference in Buenos Aires this Friday. The researchers, Juliano Rizzo and Thai Duong, have stated that their exploit "... abuses a vulnerability present in the SSL/TLS implementation of major Web browsers ...." [1]

It appears that the vulnerability exists in version 1.0 and earlier of TLS which has become the successor to SSL and is the basis for the internet's foundation of trust for secure browsing, communications and transactions. At present, versions 1.1 and 1.2 of TLS do not suffer from this vulnerability, which is great news - except for the fact that they are almost universally unsupported by both existing browsers and websites. The vulnerability effectively makes encrypted transactions which use TLS susceptible to snooping by hackers. [2] Version 3.0 of SSL appears to suffer from the same vulnerability. [3]

Juliano Rizzo has described BEAST as a "... new fast block-wise chosen-plaintext attack against SSL/TLS...." and has stated that the attack can "... efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests." [1] The attack is a man-in-the-middle attack where the attacker injects "... the client-side BEAST code into the victim's browser..." while the victim is accessing a secure website. [3] BEAST is a piece of JavaScript code which can compromise the victim's browser in a drive-by fashion - by malicious code placed on a compromised website, via an iframe, or similar. Once the code is loaded into the browser, it seeks active TLS connections, decrypting the HTTPS cookie, and enabling the attacker to hijack any secure sessions. [3] By forcing a web browser to load pages from a secure site, BEAST will then decrypt the session's secure cookie.

The web browser attack is only one possible application for the attack, and the pair of researchers have said that they believe they could also implement the attack against other services which utilise SSL, such as VPNs and instant messaging. [3] It is believed that browser vendors are currently working on a workaround to stop this kind of attack, but Rizzo believes that the only real solution now, would be to switch to a new protocol entirely. [3]

Jonathan Levine
Information Security Analyst

[1] BEAST: Surprising crypto attack against HTTPS

[2] Hackers break SSL encryption used by millions of sites

[3] New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies