An international group of researchers from the Weizmann Institute of Science (Israel), the University of Adelaide (Australia) and the University of Michigan (USA) has developed a new side-channel attack that can downgrade most current TLS implementations and recover the keys protecting a TLS connection.
The new technique, called CAT (Cache ATtacks), is a variant of the first practical attack on RSA PKCS#1 v1.5 encryption, the padding oracle attack proposed by Daniel Bleichenbacher two decades ago.
Over the years, vendors have implemented a number of countermeasures against attacks of this kind; as it turns out, however, they can be bypassed using information obtained through side-channel attacks on the CPU cache. By combining the Flush+Reload cache attack and branch-prediction side channels with the Browser Exploit Against SSL/TLS (BEAST) technique, the researchers were able to mount downgrade attacks against TLS in seven of nine popular libraries (OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL and GnuTLS). The method did not work against BearSSL and BoringSSL. The vulnerabilities received the identifiers CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869 and CVE-2018-16870.
The CAT technique runs several padding oracle attacks in parallel, which ultimately allows the session keys of a TLS-protected connection to be recovered. In theory, an attacker could use the method to steal an authentication token for a user account (e.g. Gmail) and then intercept the connection or take control of the account.
The main difference between the original and the "modified" attack is that the latter requires the attacker to be able to run code on the vulnerable system (for example by planting malware on it, or by logging in with an account on the same machine as the victim).
According to the researchers, the CAT technique can be used against any software that relies on the vulnerable libraries listed above, particularly OpenSSL and CoreTLS.
A padding oracle attack recovers the plaintext of a ciphertext by sending many manipulated ciphertexts to the decrypting party and observing, for each one, whether its padding was accepted.
Flush+Reload is a cache side-channel attack in which the attacker monitors accesses to data in memory pages shared with the victim process.
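Bleichenbacher's attack as sketched above, worked through in a small simulation. This is an added example, not code from the researchers' paper or from any of the libraries named here. It assumes a deliberately tiny RSA key built from two known primes (2^61-1 and 2^64-59) and simulates the oracle by decrypting with the private key; in the CAT attack that same one-bit answer (does the decrypted block start with 00 02?) is read off the library's cache footprint with Flush+Reload instead of coming from an error message. The steps are Bleichenbacher's: find a multiplier s whose product ciphertext is conforming, intersect the interval bounds this imposes on the plaintext, and repeat until a single candidate remains.

```python
# Added example: simulated Bleichenbacher padding-oracle attack on RSA PKCS#1 v1.5.
# The toy key size and the direct oracle are assumptions made for the demo only.

E = 65537
P = 2**61 - 1        # Mersenne prime M61 (toy size; real keys are 2048+ bits)
Q = 2**64 - 59       # largest prime below 2^64
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (16 here)
B = 2 ** (8 * (K - 2))             # 2B <= m < 3B  <=>  m starts with bytes 00 02


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def pkcs1_pad(msg: bytes) -> int:
    """EME-PKCS1-v1_5 block 00 02 <nonzero PS> 00 <msg>, as an integer."""
    ps_len = K - 3 - len(msg)
    assert ps_len >= 8, "message too long for this modulus"
    ps = bytes(i % 255 + 1 for i in range(ps_len))   # deterministic nonzero filler
    return int.from_bytes(b"\x00\x02" + ps + b"\x00" + msg, "big")


def pkcs1_unpad(m: int) -> bytes:
    raw = m.to_bytes(K, "big")
    assert raw[:2] == b"\x00\x02"
    return raw[raw.index(b"\x00", 2) + 1:]


def encrypt(m: int) -> int:
    return pow(m, E, N)


class Oracle:
    """Leaks one bit per query: does the decryption start with 00 02?
    CAT extracts this bit from the cache; here we compute it directly."""

    def __init__(self) -> None:
        self.queries = 0

    def conforming(self, c: int) -> bool:
        self.queries += 1
        return 2 * B <= pow(c, D, N) < 3 * B


def merge(intervals):
    """Union of closed integer intervals (keeps step 3 from duplicating work)."""
    out = []
    for lo, hi in sorted(intervals):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out


def bleichenbacher(c: int, oracle: Oracle) -> int:
    """Recover m = c^d mod n using only the oracle. c is assumed to be conforming
    already (true of a real TLS premaster secret), so the blinding step is skipped."""
    M = [(2 * B, 3 * B - 1)]
    s = ceil_div(N, 3 * B)
    while not oracle.conforming(c * pow(s, E, N) % N):   # step 2a: first s
        s += 1
    while True:
        new_M = []                                         # step 3: narrow intervals
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new_M.append((lo, hi))
        M = merge(new_M)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]
        if len(M) > 1:                                      # step 2b: next larger s
            s += 1
            while not oracle.conforming(c * pow(s, E, N) % N):
                s += 1
        else:                                               # step 2c: halve the interval
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            while True:
                lo, hi = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
                s_new = next((t for t in range(lo, hi + 1)
                              if oracle.conforming(c * pow(t, E, N) % N)), None)
                if s_new is not None:
                    s = s_new
                    break
                r += 1


def demo(msg: bytes = b"hello"):
    """Encrypt msg with the toy key, then recover it through the oracle alone."""
    oracle = Oracle()
    recovered = bleichenbacher(encrypt(pkcs1_pad(msg)), oracle)
    return pkcs1_unpad(recovered), oracle.queries


if __name__ == "__main__":
    plaintext, n_queries = demo()
    print(f"recovered {plaintext!r} after {n_queries} oracle queries")
```

demo() recovers the padded plaintext from the ciphertext alone after several thousand oracle queries; the number is driven by the ratio n/B (how often a random multiple lands in the 00 02 range), not by the key size, which is why a side channel that silently answers the "is it conforming?" question is enough to break RSA key exchange even after the error messages themselves have been made uniform.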