Researchers Mike Zusman and Alex Sotirov will release a tool during BlackHat later this month that will allow a man-in-the-middle (MITM) attack on SSL certificates, including EV SSL certificates. The problem is that too many sources are jumping the gun and hyping the issue to extreme proportions.
BlackHat talk raises questions about EV SSL. (IMG: J. Anderson / MSFT)
Zusman and Sotirov’s talk, “Breaking the Security Myths of Extended Validation SSL Certificates”, is loosely based on a talk the two gave at CanSecWest, where man-in-the-middle attacks against EV SSL were discussed. The main point is that it is possible to capture everything transmitted during an SSL session, even an EV SSL session.
Sotirov corrected our description. In an email he points out, "The difference from 'The main point is that it is possible to capture everything transmitted during an SSL session, even an EV SSL session,' is that it is not possible to capture data from an SSL session without an additional bug in a certificate authority that allows the attacker to get a fake certificate. We don't want to imply that all SSL is broken or that the Internet will end tomorrow, just that EV-SSL is not better than regular SSL in that particular area. It is still better in other areas."
"If the attacker cannot get an EV-SSL certificate, does this mean it's impossible for them to get a green address bar in the browser? This is the point of our research. We have discovered multiple techniques through which attackers armed with just a regular SSL certificate for a certain site can do MITM attacks against it and still get a green address bar. These techniques rely on flaws in the browser security model, which does not distinguish between SSL and EV-SSL certificates for many internal operations. Until these browser flaws are fixed, EV-SSL sites will be no safer against MITM attacks than their regular SSL counterparts," he added.
In an interview with Dark Reading, Zusman gave a few examples of how their attack would play out.
“One possible attack scenario could be a bad guy setting up a rogue wireless access point at a café or in an airport. Or he could target a bank and intercept traffic going to the bank's Website,” the Dark Reading article points out. "The user sees the green glow, but the attacker is a rogue proxy sniffing his credentials," Zusman said.
How is this different from any other MITM attack that would use a rogue access point? Not to discount their work or tool, which is great stuff, but if you honestly thought that using SSL or EV SSL would make you safe from MITM attacks, then you are sadly mistaken about the use of EV SSL.
[Note: In the comments below (point three of Alex’s comments), we were corrected. The error stems from myself alone and the lack of separation of various attacks and understanding what the research was ultimately pointing to. I'll admit mistakes when I make them. -Steve]
The only reason that the tool and attack set to be discussed at BlackHat work is because the browsers treat EV SSL the same way they would a non-EV certificate. “There's no differentiation between the two [certificates] beyond the green badge," Zusman said in an interview with Dark Reading.
“The example that Zusman and Sotirov have given here correctly points out that we have to take a 360-degree outlook on security. If an EV certificate is in place, but you're using an unreliable hotspot, then that's not a secure ecosystem. It's very like the argument we frequently hear, which is that if malware were installed on the system to make a green address bar display, that in this circumstance the green bar would be a false indicator. And the response there is that it, too, is an insecure ecosystem,” VeriSign’s Tim Callan told The Tech Herald during an interview.
More technically, the attack on EV certificates is SSL rebinding. Zusman and Sotirov switch the browser from talking to a site backed by an EV certificate to one backed by a normal SSL certificate, that is, a Domain Validated (DV) certificate, while the browser keeps displaying the EV indicator.
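To illustrate the browser-side distinction the researchers say is missing, here is an added example in Python (not code from the researchers, any browser, or this article): a per-session check that remembers whether a host has already presented an EV certificate and refuses to keep the EV indicator when the same host is later rebound to a non-EV certificate or a different public key. The Cert record, the hostnames and the key digests are constructed; 2.23.140.1.1 and 2.23.140.1.2.1 are the CA/Browser Forum EV and DV policy identifiers, and a real implementation would also add the per-CA EV OIDs that browsers ship.

```python
from dataclasses import dataclass, field

# CA/Browser Forum EV policy identifier. Browsers also ship per-CA EV OID
# lists, which a real implementation would merge into this set.
EV_POLICY_OIDS = frozenset({"2.23.140.1.1"})


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the fields of a parsed X.509 leaf certificate."""
    subject_cn: str
    policy_oids: tuple
    spki_sha256: str  # hex digest of the subject public key (constructed below)


def is_ev(cert: Cert) -> bool:
    """EV status comes from the certificate policies extension, not from the UI."""
    return any(oid in EV_POLICY_OIDS for oid in cert.policy_oids)


@dataclass
class SessionState:
    """Per-browsing-session memory of what each host has already presented."""
    seen: dict = field(default_factory=dict)  # host -> (was_ev, spki_sha256)


def evaluate(state: SessionState, host: str, cert: Cert) -> str:
    """Indicator for a new connection: 'EV', 'DV', 'MISMATCH' or 'DOWNGRADE'.

    'DOWNGRADE' means a host validated as EV earlier in this session now
    presents a non-EV certificate or a different key: the rebinding case.
    """
    if cert.subject_cn != host:
        return "MISMATCH"  # name check is the same as ordinary SSL validation
    ev_now = is_ev(cert)
    prior = state.seen.get(host)
    if prior is None:
        state.seen[host] = (ev_now, cert.spki_sha256)
        return "EV" if ev_now else "DV"
    prior_ev, prior_spki = prior
    if prior_ev and (not ev_now or cert.spki_sha256 != prior_spki):
        return "DOWNGRADE"
    return "EV" if ev_now else "DV"


# Constructed sample run: an EV leaf, then a DV leaf for the same host.
EV_LEAF = Cert("bank.example", ("2.23.140.1.1",), "aa" * 32)
DV_LEAF = Cert("bank.example", ("2.23.140.1.2.1",), "bb" * 32)


def demo() -> list:
    state = SessionState()
    return [evaluate(state, "bank.example", c) for c in (EV_LEAF, EV_LEAF, DV_LEAF)]


if __name__ == "__main__":
    print(demo())  # ['EV', 'EV', 'DOWNGRADE']
```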
“What we devised is a way to intercept this secure communication in such a way that we can see the data coming out of [the] browser, but all the while the user is still aware that the green glow of EV SSL is still there,” Zusman told eWeek. During the same interview, Zusman pointed out that the easiest fix would be for browsers to stop trusting DV certificates, but that would break too many sites. Because of cost, asking everyone to switch to EV SSL wouldn’t work either.
“The answer is to lock down these other security deficiencies. We can combat malware through a variety of methods like desktop and edge malware detectors, malware crawls available to site operators, and Extended Validation code signing. We can combat rogue hotspots through authentication initiatives such as the one surrounding the emerging WiMAX standard. WiMAX requires full authentication certificates to be available on all hotspots; in a world where consumers only trusted WiMAX hotspots the attack described here wouldn't be possible. Those are the new frontiers in ensuring a secure online ecosystem,” Callan added.
However, Perspectives, a Firefox plug-in that validates an SSL certificate as being served from the actual domain it claims to represent, does help mitigate these types of MITM attacks.
Research for the BlackHat presentation included testing of all modern browsers, and each one can be exploited using this type of MITM attack. Yet the fear that the new tool and the BlackHat presentation have caused is based on misconceptions about what EV SSL really is. All an EV certificate does is confirm that a website is who it claims to be. This means that when you visit PayPal.com, the address bar will turn green, and you can be sure that you are on the correct site and not about to fall victim to a phishing attack.
EV SSL is used to prove identity, which is its core function. When it comes to data security, EV SSL offers the same layer of security a DV certificate will. The difference between a DV certificate and an EV certificate is the green bar and the process to obtain one. EV certificates are costly, and there is a good deal of follow-up identification processes before one can be obtained.
Yet, consumers and even IT professionals assume that EV SSL means more. They assume that the green bar is instant bulletproof security, and they are wrong for it. There needs to be more education to eradicate these misconceptions.
“The best advice for defeating these real-world attacks is for consumers to use an EV-capable browser, look for green address bars, and require that the company name in the bar matches the name they expect. In the meantime we'll encourage browser manufacturers and the likes of these researchers to continue exploring these scenarios so that EV SSL will continue to be the unambiguous asset to online security that it is today,” Callan told us.
Zusman and Sotirov have done a great job in pointing out the flaws that exist in SSL, mostly due to the way they are linked inside the browser. However, unlike the sensationalist headlines and comments, SSL is not broken, and it is not the end of the world to see it released to the masses.
Even with the extra assurance EV SSL can offer, if you connect to a rogue access point, or have all of your traffic rerouted because of malware, then you have larger issues to worry about, and EV SSL wouldn’t have helped in the first place.
“Breaking the Security Myths of Extended Validation SSL Certificates” will take place on July 30, during the Random track at BlackHat in Las Vegas.