Hypertext Transfer Protocol Secure (HTTPS), the system used by banks and other services to protect their users from prying eyes when using their sites, is vulnerable to a new attack according to a report on Ars Technica.
According to the report, the technique was scheduled to be demonstrated at the Black Hat security conference in Las Vegas yesterday (1 August 2013).
Yoel Gluck, one of the three researchers who developed the Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext attack, or BREACH, is quoted as saying that they don’t decrypt the entire channel and that the attack is very targeted.
It uses what is known as an oracle attack to extract data encrypted under the Transport Layer Security (TLS) or Secure Socket Layer (SSL) protocols in an HTTPS session.
How the oracle attack works
To execute the oracle attack, Ars reported that BREACH exploits the standard Deflate compression algorithm used by many websites to conserve bandwidth.
Deflate works by identifying and replacing repeating strings of text with a type of pointer that consumes much less space. This pointer can then be looked up in a kind of “string dictionary” included in the file or message to uncompress it.
BREACH uses this to help it guess sensitive or secret data sent over the encrypted link.
Ars used the examples of an e-mail address and special tokens that sites might send to prevent cross-site request forgery attacks.
An e-mail address would be divined by first guessing the domain and sending “probe” requests to the targeted web service. BREACH then compares the byte length of the guess to the original response.
If the correct domain is “@supersekrit.com” then the attacker would expect no length increase when it is compressed against the encrypted address. Once the correct domain is determined, the attacker can go about guessing the email username from right to left.
Similarly, should an attacker be looking for a token they would search for a specific string such as “request_token=” and then guess token text a character at a time. Unlike the email address, this string would be built up from left to right.
Good news: BREACH has some limitations
For BREACH to be able to do this, it fortunately requires that a victim first access a malicious link. Ars reported that this can be done by embedding an iframe tag in a page the victim frequents.
BREACH also only works against certain types of data included in Web responses, but as Ars noted, whenever an attacker can extract data protected by one of the most widely used encryption protocols it should be a concern.