NSA Got Hacked By Its Very Own Vulnerability

You need one hundred and four dollars, more or less, eight hours and Amazon’s cloud computing to hack the National Security Agency’s website. Oh, and you need to make use of the NSA’s very own FREAK vulnerability to hack them in their own game.

A group of researchers did just that, using a few tools to implement man-in-the-middle-attacks. This is an ability that swiftly creates an outcome of 512 bit RSA (RSA is one of the first practicable public key crypto systems and is widely used for secure data transmission) keys.

The bug was reported on Monday. It allows the attacker to take control of secure connections between people using iOS devices or Android devices. This gives hackers a chance to mimic the target and steal private information like login details and passwords.

To factor the 512 bit export keys, the project enlisted the help of Nadia Heninger at University of Pennsylvania, who has been working on “Factoring as a Service” for exactly this purpose. Her platform uses CADO NFS on a cluster of EC2 virtual servers, and (with Nadia doing quite a bit of handholding to deal with crashes) was able to factor a bunch of 512 bit keys; each in about 7.5 hours, for $104 in EC2 time according to Vice.

Let us explain the FREAK vulnerability to you in a more detailed manner:

Earlier this year, many cyber security companies revealed information about a vulnerability in OpenSSL. OpenSSL started accepting temporary RSA keys when using non-export cipher suites. A malicious server could make a TLS/SSL client using OpenSSL, using a weaker key exchange method.

As stated earlier, OpenSSL clients accepted EXPORT-grade insecure keys even when the client had not initially asked for them. This could be exploited using a man-in-the-middle attack, which would intercept the client’s initial request for a standard key and ask the server for an EXPORT-grade key. The client would then accept the weak key, allowing the attacker to factor it and decrypt communication between the client and the server.

The vulnerability affects all Linux systems too, including the Server, Workstation, Desktop, and HPC Node variants that have not installed the fixed version of OpenSSL packages.

While the use of EXPORT-grade ciphers is disabled by default in OpenSSL), it can be enabled by applications that utilize the OpenSSL library. For this reason, the vulnerability is able to affect all Linux 6 and 7 systems, including the Server, Workstation, Desktop, and HPC Node variants, which have not installed the fixed version of OpenSSL packages.

However, using Internet-wide scanning, we can perform daily tests of all HTTPS servers at public IP addresses to determine whether they allow this weakened encryption. More than a third of all servers with browser-trusted certificates are at risk. i.e all the HTTPS servers at Alexa’s top 1 million domain names have their current vulnerability levels at 8.5 percent. HTTPS servers with browser trusted certificates are at 6.8 percent vulnerability, and the rest of the HTTPS servers are at 11.8 percent.

Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption. One example is the OpenSSL bug described in CVE-2015-0204, but some other TLS libraries have similar problems.

You can check whether your browser is vulnerable using our FREAK Client Test Tool.

Chrome for Windows and all modern versions of Firefox are known to be safe. However, even if your browser is safe, certain third party software, including some antivirus products and adware programs, can expose you to an attack by intercepting TLS connections from the browser. If you are using a safe browser but our client test says you’re vulnerable, this is a likely cause.

In addition to browsers, many mobile apps, embedded systems, and other software products also use TLS. These are also potentially vulnerable if they rely on unpatched libraries or offer RSA_EXPORT cipher suites.

If you are running a server, then you should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. We also recommend testing your configuration with the Qualys SSL Labs SSL Server Test tool. If you are a systems admin or are a developer, then please make sure any TLS libraries you use are up to date. Unpatched OpenSSL, Microsoft Security Channel, and Apple Secure Transport all suffer from the vulnerability. Note that these libraries are used internally by many other programs, such as wget and curl. You also need to ensure that your software does not offer to export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched. We have provided tools for software developers that may be helpful for testing this.

Furthermore, if you are using Microsoft Vista or newer versions of Windows, you can take the following steps as the system administrator to protect yourself. However, not all versions of Vista, Windows 7, and Windows 8.x include the critical gpedit.msc program. Vista Home Premium; Windows 7 Home Premium, Home Basic and Starter, and Windows 8.x Home Premium do not include it. There are ways to add gpedit to these systems.

Go to computer configuration> Administrative Templates> Network>SSL Configuration Settings. Under SSL Configuration Settings, click the SSL Cipher Suite Order setting. In the SSL Cipher Suite Order pane, scroll to the bottom of the pane. And simply enter the following cipher list.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,

TLS_DHE_DSS_WITH_AES_256_CBC_SHA,

TLS_DHE_DSS_WITH_AES_128_CBC_SHA,

TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

These will keep you protected and safe. We at Anonymous want our friends and readers to be up to date. As for normal users, we once again recommend that you use up-to-date Firefox and Chrome.