News on the problems on Internet security have been very frequent during last 12 months, and there does not seem to be any stop on news on Internet security problems.
The news started with NSA relevations that showed ho much NSA spied on the Internet users and how it has weakened the technologies used to project the user data in Internet. Keeping Your Data Private From the NSA was proven to be quite hard. The biggest NSA details have much been revealed, and you can find them at The NSA Archive. Edward Snowden exposed the NSA’s widespread efforts to eavesdrop on the internet, encryption was the one thing that gave us comfort. Snowden also warned that crypto systems aren’t always properly implemented.
The follow-up was a massive series of hits on the SSL security. SSL stands for Secure Sockets Layer, and it’s what helps ensure secure communication between your browser and your favorite web site. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same. Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. HTTPS is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. This is the technology that keeps the Internet communications safe and allows us to access Internet services safely (for example to read your web mail, do credit card payments on web shops and do your on-line banking).
First in this series as was Apple’s epic security flaw in it’s SSL implementation. In February 2014 a mysterious, urgent update began pouring out to iOS devices. From there, the news just got worse. It wasn’t just an iOS bug, but a problem in Apple’s Secure Transport platform, present in OS X 10.9 for desktop and reaching back to iOS 6 on mobile. The vulnerability extended to every application built on Apple’s SSL library and was had gone unnoticed for 18 months. It was a SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. A man-in-the-middle attack seamlessly intercepts communication between yourself and your intended recipient or website (the one who listens to traffic can read unencrypted user passwords). The security issue was bad and scary, but it now fixed. The actual problem was a pretty small programming error in the Apple SSL/TLS library file called sslKeyExchange.c in version 55741 of the source code. The problem was named “goto fail“.
This was unfortunately only a start, and the thing started getting to much worse direction in April. Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros articled told that a major security bug faces Linux users, akin to the one recently found in Apple’s iOS (and which Apple has since fixed). This GnuTLS bug is worse than the big Apple “goto fail” bug because hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks. The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package.
As if that was not enough, then comes the Attack of the week: OpenSSL Heartbleed. Heartbleed Is the Ultimate Web Nightmare that I would have not wanted to see. Security expert Bruce Schneier says “‘catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.” That’s about right. This was a very severe two-year-old security hole right in the core of the Internet security.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This can compromises the secret keys used to identify the service providers, which allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. Basically, an attacker can grab 64K of memory from a server. The attack leaves normally no trace, and can be done multiple times to grab a different random 64K of memory. Exploitation of this bug leaves no traces of anything abnormal happening to the logs.
You might ask what versions of OpenSSL are affected? OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable. The newest version OpenSSL 1.0.1g is NOT vulnerable. Old OpenSSL versions at OpenSSL 1.0.0 branch and OpenSSL 0.9.8 branch are NOT vulnerable. While Heartbleed only affects OpenSSL’s 1.0.1 and the 1.0.2-beta release, 1.01 is already broadly deployed.Top ten biz software vendors reveal Heartbleed exposure, and so have also many smaller ones. Check the software you use against vulnerable software list.
The flaw was released as zero-day bug for what there was not fix at the moment the details were released. There are views that it have been known to black hats before its public discovery and disclosure. The bug was found some time ago independently by Finnish security testing company Codenomicon and Google researcher Neel Mehta. Some operating system, security companies and OpenSSL developers were already at work at delivering the patched versions. CloudFlare, a Web security company, revealed in a blog posting details about the security hole and that they’ve fixed the bug a bit too early before fixes were ready for broad deployment.
How am I affected as an end user? You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Most notable software using OpenSSL are the open source web servers like Apache and nginx,which have a combined market share of over 66% of the active sites on the Internet that use HTTPS. Half a million sites were vulnerable. Situation changes as sites get fixed. Here are some vulnerable site lists: The Heartbleed Hit List: The Passwords You Need to Change Right Now, Heartbleed bug: Check which sites have been patched and Heartbleed Alexa top 10000.
Furthermore OpenSSL is used to protect for example email servers, chat servers, virtual private networks (SSL VPNs), network appliances and wide variety of client side software. OpenSSL is also included in Android, the number one smart phone operating system (over 79% market share). Heartbleed Bug hits at heart of many Cisco, Juniper products. While most attention surrounding OpenSSL’s Heartbleed vulnerability has been given to the server side, the SANS Institute has reminded the world that the client side is also vulnerable and writing code to exploit vulnerabilities in clients is not going to be that difficult as the details are out on the wild.
Is my mobile affected? Yes. Heartbleed Bug Impacts Mobile Devices. Vulnerable OpenSSL is included in many Android version, but in most Android versions the Heartbeats feature was disabled (so not vulnerable). Depending on the source vulnerable Android versions are 4.1.1 and 4.2.2 or only 4.1.1. There are also many Android, iOS, and WP8 apps that are affected by Heartbleed.
The Heartbleed bug is affecting routers, too: Cisco Systems and Juniper Networks have announced that the Heartbleed bug has been found in their networking products. This news isn’t too surprising, as any device using OpenSSL is potentially vulnerable. Many routers and other forms of networking equipment use OpenSSL to secure mini web servers to run admin interface, leaving networking equipment vulnerable as a result. Networking Equipment Makers Scramble to Patch Heartbleed: Networking vendors Cisco, Juniper Networks, F5 Networks and Fortigate have all issued security alerts, disclosing that some of their products are affected by Heartbleed. Cable boxes and home Internet routers are just two of the major classes of devices likely to be affected , and ISPs now have millions of these devices with this bug in them. The same issue likely affects many companies, because plenty of enterprise-grade network hardware and industrial and business automation system also rely on OpenSSL, and those devices are also rarely updated. There are thousands of “shoestring budget” VPN concentrators in smaller businesses that will be vulnerable and probably won’t be updated. On the VPN side also excellent OpenVPN VPN-software is vulnerable if your system has OpenSSL version or your OpenVPN is compiled with vulnerable OpenSSL.
If you administer of any embedded networked device, check your device manufacturer if they have published information on vulnerabilities. To be sure you need to check the OpenSSL version or run vulnerability scanning, but checking these devices for the flaw is a laborious process. This is why many home automation systems and networking equipment vulnerable to a major encryption flaw are unlikely to be fixed. If you have such devices in use, there is also possibility that your devices are not affected by the bug because they can use old enough OpenSSL version that does not have this bug (OpenSSL versions 0.9.8 and 1.0.0 are very widely used even on quite recent embedded systems).
There has been discussion themed like Has the NSA Been Using the Heartbleed Bug as an Internet Peephole? It is hard to say for sure if it has been used or not. You can bet that whatever hackers and government agencies have not done this before, they’re doing it now. Security expert Bruce Schneier says that probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. So far, though, there’s no evidence to suggest this is the case and grabbing the private keys stored on a server’s memory isn’t without problems.
What you can do as an end user? Not very much. The problem is very much on the server end, and the service provider has to fix it first before you can do anything useful as end user. First you wait that your site has been updated (Check which sites have been patched). After the site has been patched, it is a good idea to change the password in case it has leaked. For information on which sited it would be a good idea to change password, check the following lists: The Heartbleed Hit List: The Passwords You Need to Change Right Now, Heartbleed bug: Check which sites have been patched and Heartbleed Alexa top 10000. Do not log into accounts from afflicted sites until you’re sure the company has patched the problem. Keep a close eye on financial statements for the next few days. Because many of the vulnerable sites were well known web shops and attackers could maybe have accessed a server’s memory for credit card information, so it wouldn’t hurt to be on the lookout for unfamiliar charges on your bank statements.
So not only is every password you’ve used at a vulnerable site at risk — the bigger problem is that although major vendors and websites are scurrying to fix this problem now, smaller apps and sites might take more time. Or worse, they might ignore the problem altogether. Remember that a malicious server could easily send a message to vulnerable software on phones, laptops, PCs, home routers and other devices, and retrieve a 64KB block of sensitive data from the targeted system. Security penetration testers are going to find themselves in work a long time with this.
What if you are are a server operator? Test your own site vulnerability here or using one of these tools (use at your own risk). Run the test only against your own site, because It might be ILLEGAL to run Heartbleed health checks against sites without the site owner permission. Check also the software you use against vulnerable software list. If you have this problem, then what to do? The remedy is unfortunately pretty nasty. Having identified a problem, the first step is to patch OpenSSL to 1.0.1g version. If you can’t update library, you can recompile existing version with the -DOPENSSL_NO_HEARTBEATS option. Sadly, this is only the beginning because there’s no way to tell whether a server had been exploited because this bug leaves no traces of anything abnormal happening to the logs. Bruce Schneier advice: After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected. Have fun. Its a lot of work.
Fortunately IDS/IPS technologies can be used to detect if someone it trying to attack you this way. Although the content of the heartbeat request is encrypted it has its own record type in the protocol, which allows intrusion detection and prevention systems (IDS/IPS) to be trained to detect the use of the heartbeat request. There are now signatures available to detect exploits against Heartbleed, as Dutch security firm Fox-IT points out on its website.
Now the main details of the bug are told. For simple visual explanation of Hearbleed but take look at XKCD Heartbleed Explanation. For more stories on this check out Heartbleed web page and Behind the Scenes: The Crazy 72 Hours Leading Up to the Heartbleed Discovery article.
Deep technical details of the OpenSSL bug
Bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server. Basically, an attacker can grab 64K of memory from a server. This can happen during connection negotiation, which is why the flaw can be exploited by an unauthenticated attacker. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain (a) long-term server private keys, (b) TLS session keys, (c) confidential data like passwords, (d) session ticket keys. It is very likely that it is possible in at least some cases, but it hasn’t been demonstrated to work all the time.There likely difference on what software is run on server. There is even a Heartbleed Challenge to steal the keys from server running vulnerable OpenSSL version.
The problem in the OpenSSL library is fairly simple: there’s a tiny vulnerability — a simple missing bounds check — in the code that handles TLS ‘heartbeat’ messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. But in this case a this tiny problem cause a massive problem, because the software was very widely used and details if the flaw became available widely before most parties had any possibility to fix the issue. Though security vulnerabilities come and go, this one is deemed catastrophic because it’s at the core of SSL.
Bruce Schneier speculates that someone could have intentionally added the Heartbleed bug to OpenSSL, but it’s more likely the case that it got in there by accident. Man who introduced serious ‘Heartbleed’ security flaw denies he inserted it deliberately. And that is quite believable I think. The original bug was introduced in this Git commit. The bug was quite dull. The fix is equally simple. Just add a bounds check. This has been done in the version 1.0.1g. How did this get through? Coding mistakes happen and they are not often detected on code reviews. It happens all the time no matter if you do open source or commercial software. Very many skilled must have looked at the code (this is very widely used open source software so code so many people must have looked at it more or less) can’t find all the bugs . This was a simple C coding bug, but yet it took more than two years to find. Bug was introduced to OpenSSL in December 2011 (submitted just before midnight on New Years Eve) and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
The small team of OpenSSL developers have had a pretty amazing record of maintaining the world’s most popular TLS library before this. Maintaining OpenSSL is a hard job with essentially no pay, so maybe the companies using OpenSSL tool should contribute financially to its development, maintenance, and evaluation to avoid potential future fiasco! Should there be better bug finding tools or different process? I don’t know the answer to this, but there is no silver bullet to guarantee that this kind of bugs don’t appear in the future here or in some other software. One comment to Attack of the week: OpenSSL Heartbleed article claims hat there seems to be a general problem with open source and crypto: The incentives and rewards for finding and using exploits are much higher than those for finding and publishing exploits. A security researcher revealing bug to developers gets a pat on the shoulder, well done, thanks.
I end my too long security article here…