HackRead
19-Year-Old ROBOT Flaw Resurfaces to Haunt Popular Websites

December 14th, 2017 | Waqas | Security

If you believe that popular, trusted websites like Facebook and PayPal are not vulnerable to exploits from previous eras, you are mistaken. Research suggests that various popular websites and online services are vulnerable to an exploit that was discovered back in 1998 and has recently made a comeback. The flaw, which has been named ROBOT, was discovered by Daniel Bleichenbacher in 1998.

ROBOT stands for the Return Of Bleichenbacher’s Oracle Threat. The new version of ROBOT was identified recently by researchers Hanno Böck, Juraj Somorovsky and Craig Young during Facebook's bug bounty program. Upon discovering this vulnerability, the researchers were paid a considerable reward, the amount of which has not yet been disclosed by the social network or the researchers. The findings were published on Tuesday.

ROBOT is found in the Transport Layer Security (TLS) protocol, and it is now impacting all the leading websites because attackers can decrypt encrypted data and use the site's private encryption key to sign communications. The TLS protocol is used for web encryption, and the flaw lies in the algorithm that handles RSA encryption keys.

The attack involves specially crafted queries that generate errors on TLS servers in the form of Yes or No answers. The technique is called an adaptive chosen-ciphertext attack. These servers are responsible for protecting the communication between a user’s browser and a website by decrypting HTTPS traffic. If the attack is successful, the attacker can passively monitor and record traffic too. It is also possible to carry out a man-in-the-middle attack using this flaw.

The same technique was used to exploit the ROBOT vulnerability identified in 1998. However, the original ROBOT patch didn’t replace the unprotected RSA algorithm; instead, the TLS standard was modified to make brute-force guessing much harder.

“After Bleichenbacher’s original attack the designers of TLS decided that the best course of action was to keep the vulnerable encryption modes and add countermeasures. Later research showed that these countermeasures were incomplete leading the TLS designers to add more complicated countermeasures. The section on Bleichenbacher countermeasures in the latest TLS 1.2 standard (7.4.7.1) is incredibly complex. It is not surprising that these workarounds aren’t implemented correctly,” the researchers wrote in their blog post.
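The Yes/No leak and the TLS 1.2 section 7.4.7.1 countermeasure mentioned above, as an added Python example that is not from the article or the researchers. It models only the server's handling of the block left after RSA decryption; the function names, alert strings and sample blocks are constructed for illustration.

```python
import hmac
import os

PMS_LEN = 48           # premaster secret: 2 version bytes + 46 random bytes
VERSION = b"\x03\x03"  # TLS 1.2, the version the client offered

def pkcs1_v15_unpad(em):
    """Payload of a PKCS#1 v1.5 encryption block, or None if it is malformed."""
    # Layout: 0x00 0x02 <8 or more non-zero padding bytes> 0x00 <payload>
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator found (-1) or fewer than 8 padding bytes
        return None
    return em[sep + 1:]

def vulnerable_handler(em, client_version=VERSION):
    """Flawed: every failure cause has its own externally visible answer."""
    pms = pkcs1_v15_unpad(em)
    if pms is None:
        return "alert: bad padding"      # the oracle's "No"
    if len(pms) != PMS_LEN or pms[:2] != client_version:
        return "alert: bad premaster"
    return "continue handshake"          # the oracle's "Yes"

def hardened_premaster(em, client_version=VERSION):
    """Section 7.4.7.1 approach: on any failure, silently use random bytes."""
    fallback = os.urandom(PMS_LEN)       # drawn before the padding is examined
    pms = pkcs1_v15_unpad(em)
    ok = (pms is not None and len(pms) == PMS_LEN
          and hmac.compare_digest(pms[:2], client_version))
    return pms if ok else fallback       # real code must also run in constant time

def hardened_handler(em, client_version=VERSION):
    hardened_premaster(em, client_version)
    return "continue handshake"          # a bad key only fails the later Finished check

def build_block(payload, k=256, second=0x02):
    """Constructed sample: the block a server with a k-byte modulus would decrypt."""
    pad = b"\xaa" * (k - 3 - len(payload))
    return bytes([0x00, second]) + pad + b"\x00" + payload

GOOD = build_block(VERSION + bytes(46))
BAD_PADDING = build_block(VERSION + bytes(46), second=0x01)
BAD_VERSION = build_block(b"\x03\x00" + bytes(46))

def distinct_responses(handler):
    return {handler(em) for em in (GOOD, BAD_PADDING, BAD_VERSION)}
```

The flawed handler gives a different answer for each of the three blocks, while the hardened one answers all of them identically, which is the property the countermeasure is meant to guarantee.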

Since the ROBOT patch was released, several variations of the vulnerability have appeared. For example, in March 2016 another vulnerability related to ROBOT, called DROWN, exposed around 33% of HTTPS connections to attackers.

Researchers claim that numerous vendors have failed to implement appropriate countermeasures to thwart attacks that aim to exploit ROBOT. They wrote that vulnerable implementations have been identified in seven vendors so far, including F5, Cisco, and Citrix. They also noted that some very popular websites on the internet have been affected, including Facebook and PayPal. Several vulnerable subdomains have been identified on 27 of the top 100 domains, as per the ranking from Alexa.

In its advisory issued on Tuesday, Cisco rated the vulnerability as Medium and stated that multiple Cisco products are affected, such as the Cisco ACE30 Application Control Engine Module and the ACE 4710 Application Control Engine Appliance. PayPal and Facebook, on the other hand, issued patches in October 2017.

The researchers have offered various stopgap mitigations on their blog, along with a testing tool for public HTTPS servers and a Python tool for testing the flaw.

“Most modern TLS connections use an Elliptic Curve Diffie Hellman key exchange and need RSA only for signatures. We believe RSA encryption modes are so risky that the only safe course of action is to disable them. Apart from being risky these modes also lack forward secrecy.”
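One way to check an OpenSSL cipher string for the RSA encryption modes the researchers recommend disabling, as an added Python example (not the researchers' testing tool). It runs offline with the standard `ssl` module; the function name and the two cipher strings are constructed for illustration.

```python
import ssl

def audit_cipher_string(cipher_string):
    """Split the suites an OpenSSL cipher string enables by key-exchange type."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    report = {"rsa_key_transport": [], "no_rsa_transport": []}
    for suite in ctx.get_ciphers():
        # 'kea' is the key-exchange algorithm OpenSSL reports for the suite.
        # 'kx-rsa' (and the PSK variant 'kx-rsa-psk'): the client encrypts the
        # premaster secret to the server's RSA key, the mode to disable.
        # ECDHE-RSA-* suites report 'kx-ecdhe': RSA only signs the handshake.
        # TLS 1.3 suites report 'kx-any'; TLS 1.3 has no RSA key transport.
        if suite["kea"] in ("kx-rsa", "kx-rsa-psk"):
            report["rsa_key_transport"].append(suite["name"])
        else:
            report["no_rsa_transport"].append(suite["name"])
    return report

# Constructed cipher strings, not taken from any vendor's configuration.
WEAK = "AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
HARDENED = "ECDHE+AESGCM:!kRSA"
```

An empty `rsa_key_transport` list for the deployed cipher string means no suite relies on RSA decryption of the premaster secret.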

A list of some of the sites affected by the ROBOT flaw is available here.
