Google researchers have revealed details of a new flaw, dubbed POODLE, which effectively renders SSL 3.0 useless by allowing attackers to decrypt and steal data from supposedly secure connections.
SSL 3.0 is nearly 15 years old but although it has since been replaced by the newer and more secure encryption protocol TLS, most browsers still support it in case they encounter legacy servers.
“Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue,” explained Bodo Möller of the Google Security Team in a blog post.
The POODLE flaw itself – which stands for “Padding Oracle On Downgraded Legacy Encryption” – works by forcing a “fallback” to the use of SSL 3.0 and then stealing session cookies which could give the attacker access to a victim’s online accounts.
However, to launch such an attack a hacker would have to control the network between client and server, Möller and his colleagues wrote in a research paper.
Although this kind of MITM attack technically could be done over, say, a public Wi-Fi network, it is far from easy, potentially limiting the impact, according to experts.
“If both the client and server support SSL 3.0, the attacker can leak approximately one byte of clear-text for every 256 requests,” Rapid7 explained in a blog post.
“To give you an idea of the amount of effort required to get anything useful out of this, it would take approximately 2,000 forced requests to leak enough data for the attacker to hijack a typical HTTP over SSL session. This would take a few minutes if exploited by a hostile website that was silently forcing connections to another server in the background.”
The security firm urged businesses to disable SSL 3.0 on all clients and servers, starting with high value business critical assets like PCI sites and POS systems.
Others were slightly more laid back about the issue.
"Granted it’s a major flaw but there is really no concrete evidence as of yet - from my readings early this morning - that this exploit is being used," F-Secure technical advisor, Ifeanyi Nwabueze, told Infosecurity.
"Vendors are pushing out patches, so in essence the system is working; flaw found, alarm sounded and patches issued."
Google’s answer is to support the workaround TLS_FALLBACK_SCSV.
“This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks,” wrote Möller.
“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.”