A famous 19 year old vulnerability known as Bleichenbacher’s Oracle attack has been rediscovered in RSA encryption system to give man-in-middle access to encrypted messages. The ROBOT attack’s rediscovery was analysed and researched by Hanno Böck, Juraj Somorovsky of Ruhr-Universitat Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT. They have given detailed explanations of this rediscovery including its implications and much more.
This rediscovery named as ROBOT (Return of Bleichenbacher’s Oracle Attack) has shocked the IT world. This attack basically gives the ability to an aggressor for performing RSA decoding and other cryptographic operations. This rediscovery of the Bleichenbacher’s Oracle Attack.
Bleichenbacher’s attack was first discovered in 1998 and gets its name from Swiss cryptographer Daniel Bleichenbacher. In an advisory published by CISCO, it explains:
“An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions.”
The ROBOT attack’s rediscovery links to a chain of events that caused it:
In 1998, Bleichenbacher proposed to redesign encryption system. However, TLS planners chose to keep the powerless encryption modes and included a progression of countermeasures to keep the so-called data “safety”.
Presently, a group of security scientists has found that these countermeasures were fragmented and just by utilizing some slight varieties, this assault can in any case be utilized against numerous HTTPS sites. Their studies uncover that probably the most well-known sites on the Internet, including Facebook and Paypal, are influenced by the ROBOT attack.
Research analysts further quoted:
“For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack. We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”
Stay tuned to our news for further interesting hacking news from around the globe.