The Biggest Sticking Plaster in Cybersecurity: SSL/TLS

It’s not a good protocol!

The Biggest Sticking Plaster in Cybersecurity: SSL/TLS

It’s not a good protocol!

So, if I use a secure tunnel to my bank, everything is nice and secure? Yes! … if you use a VPN Tunnel, and “No!”, if you use HTTPS. The SSL/TLS tunnel is one of the weakest areas within computer security, as it only protects data as it goes from machine to machine, and does little to protect a proxy being setup on either end of the tunnel. Most good pen testers have a trusty proxy for SSL/TLS connections, and can easily break what is passed within the tunnel. Many companies, too, use smart firewalls, and which will proxy the secure connection for the user, and thus determine the encryption keys used. These can then be passed to other networking devices, in order to break the encryption.

So, as an example, I’m going to outline how this can happen using the Superfish vulnerability that affected Lenovo laptops, and how sloppy developers can be sometimes.

What’s the problem?

So why is HTTPS insecure? Because SSL is a simple fix that just acts to secure part of the network stack, and it is not too difficult to get in-between the browser and the network connection, and trick the browser into thinking that it is connected to a valid site, with the digital certificate looking valid. This is a man-in-the-browser type of attack, where the browser is tricked into dealing with an intermediate piece of software which examines the data packets which go back and forward (Figure 1).

Figure 1: SSL redirection

The nice use of SSL redirection is:

The SSL Redirect plugin is able to redirect non-secure HTTP-pages to secure HTTPS-pages, and back again. Which pages need to be served through SSL and which not, can be configured through plugin parameters: Per Menu-Item, per component, etcetera.

but on the flip-side it can be used as a back-door, and where a proxy is inserted between the browser and the SSL tunnel (or where an intruder hides their operations using a tunnel on certain pages being accessed). Basically that’s how bad SSL is, in that it is not really an end-to-end solution, and is more of a fix for the network stack. The following shows an example of SSL redirection, and you have probably seen this on your own computer when you have installed freeware:

Shovelware

As PC vendors have found their margins reducing, they have looked to other ways of creating a business case, such as including third party tools into their pre-installation list. Most users, though, dislike this type of software, and will often avoid those with bloated pre-installs. Sometimes, though, it can work well, especially when it integrates security products like virus scanners, and with demo versions of Microsoft Office, but it works less well with untested tools, especially ones which integrate with the default Web browser or interfere with the security settings of the computer.

These additions on the pre-install list are often referred to as shovelware, where vendors care little about the actual usefulness of the software, and do very little in the way of due-diligence. Often it includes games which have backdoors and which could reveal user activity, or have ways to trick users into paying for subscriptions to play on-line games. More often these days, the focus is on understanding what users like to browse, and then pushing content to them. Increasingly targeted marketing has become a key focus, and where Web search results from trusted sites, like Google, are tampered with before they are presented back to the user.

Lenovo created an embarrassing “own goal” by including Superfish, which is software that altered search results, and then produced information of competing lower-priced products, whenever the user moves their mouse over the search results. Unfortunately it also crippled the Web browser’s security, using a third party library do perform an SSL connection, and allow intruders to listen to the communications.

SSL redirect

For Lenovo, the pre-installed software, named Superfish, altered search results to show related advertisements, and is well known to many who inadvertently install adware into their browser. So rather than search Google, the browser redirects the results back, and adds it own for the search query. Unfortunately it also allows intruders to see the search queries, even though it looks like you are communicating securely with Google.

Whenever communications are secured in a browser, the remote Web site sends its public key for the client to create an encryption key for both the browser and the server to use. In this way a secure tunnel is setup. In Superfish, the private key has been discovered, as the digital certificate containing the public and private key has been included in the software, and has since been hacked.

At the core of the problem is the tricking of the Web browser into thinking it is connected to a trusted site, but actually the data within the secure communications is created by another application. At the core of the security issues is the usage of SSL hijacker software (Komodia Redirector) developed by Komodia.com:

The Komodia Redirector product says:

Komodia’s Redirector allows you to change TCP/IP network sessions with a few simple clicks. The platform intercepts traffic on the local machine based on rules that you define, and it includes many built in functions that you can use without writing a single line of code (if you need a solution that only sniffs the network traffic without modifying it, visit Komodia’s Interceptor web page).

So we have a piece of software that can trick the user into connecting to an incorrect Web site, without the browser actually knowing that the data is going to the wrong place. This would, in itself, be a particularly bad breach in security, as it tricks the browser into thinking it has a secure connect to a remote site.

What broke Superfish?

As if the communication redirection of the SSL session was bad enough, the final nail in the coffin was that Komodia embed their root CA certificate into the software. This certificate contained both their public and private key — which should never happen, as the private key should never be shared. This certificate has been easily broken by brute forcing the password on it, allowing the private key to be gained.

The private key is the thing that is used to read the data contained in the secure tunnel, so any intruder with the private key of the root certificate can view the data in the secure connection.

So it is a bit like you finding the best locks to secure your home, and then putting the keys for the locks under a plant pot. Many encryption systems are compromised in this way, as secure keys are used for the encryption, but the keys are actually protected by a simple password.

Figure 2: Abstraction of vulnerability

In the end, the password on the private key was cracked within 10 seconds, and had a password of … you’ve guessed it … “komodia” (which is the same name as the company who procedure the SSL redirector). [Method].

Conclusions

One thing that is for sure is that the SSL redirect software does show malicious intent, and should never have been allowed any near a consumer’s computer. The SSL redirect hack is well-known to many researchers and is used in home land defence applications, but the Superfish case was the first time it has been seen in a product.

The genie is now out of the bag, and it can be seen that the core of the security of the Internet — SSL/TLS — is completely compromised, where users can’t really trust their browser to tell them if they are dealing with a valid remote site. Patches from McAfee and Microsoft are already being rolled-out, in order to detect the presence of Superfish. In itself it is not the Superfish code, but it is the third party code which causes the risk, but the third party code should never been allowed to be integrated into any products.

The lessons learnt from Superfish include:

  • Shovelware — Lenovo tried to enhance their business case by integrating Superfish, but it back-fired.
  • Third party integration — Superfish, unfortunately, integrated the Komodia SSL hijacker, which takes over SSL connections (for HTTPS).
  • Poor integration — Komodia embed their root CA certificate in the software allowing others brute force the certificate and determine the private key.

Companies need to be careful on the integration of software and libraries, especially from third parties, especially when compromising security settings. The sloppiness of storing the digital certificate which had both the private and public key for the tunnel is negligent to the highest degree!

In fact …

It is like storing the keys to your house under a plant pot!

and

… do software developers actually know the security of their own system.

It seems unbelievable that both Superfish and Lenovo allowed such a malicious software library on their system, and that it could also store the keys to the castle — the private key!

Only with true end-to-end encryption — and which encrypts at the data layer — can we truly pass data securely. For now, SSL/TLS remains a sticking plaster on the industry. With its horrible PKI infrastructure — that few people understand — it is not going to go away any time soon. Our future must be to encrypt data properly and not just rely on a weak tunnel to protect data in transit.

Here is a Bluffer’s guide to TLS 1.3:

A Bluffer’s Guide to TLS 1.3
So after nearly four years and 28 drafts, the IETF (Internet Engineering Task Force) has finally pushed TLS (Transport…medium.com