Is the Sky Falling? A Look Into the DROWN Attack
On March 1, a group of researchers from academia and the tech sector announced that over a third of the servers on the internet could have their secure traffic decrypted if it were intercepted. Welcome to CVE-2016-0800, the DROWN attack.
Anyone who’s been following the news over the last year is by this time probably a bit weary of hearing about newly-discovered vulnerabilities. Indeed, two previously-discovered vulnerabilities in OpenSSL make this one trivially easy to execute, and in fact would let an attacker insert himself between your affected server and its counterparty. The synergy between this new vulnerability and those two old ones allows an affected server to be compromised on-the-fly in a so-called “man-in-the-middle” attack. Even assuming you’ve fixed OpenSSL or were never vulnerable to its issues, you still have a problem if your certificate’s private keys are in use on any server configured to support SSLv2: an investment of under $450 of Amazon EC2 time will allow your traffic to be decrypted. That’s a little spooky.
So is the sky falling? Probably not, but there are very dark clouds on the horizon. While the DROWN attack doesn’t yield your private keys, and you’re not going to need to re-key your SSL certificates as a result, it does allow individual connections to be decrypted as long as your vulnerable server is responsive to requests for SSLv2. The problem stems from the government-weakened export encryption that makes it possible to learn something about the way a server handles more secure protocols by probing it for SSLv2 and listening to the response. Be sure the NSA will be paying keen attention to this as it sifts through the data it’s collected, and be even more certain the FBI is a bit irked by the fact that apple.com isn’t on the list of domains known to be compromised by it.
The action incumbent upon anyone entrusted with the keys to your certificates is to check every server where those keys are installed and confirm that it is not configured to support SSLv2. If any server is found that can’t be remediated, silo its certificates so that they’re not used elsewhere. While it’s not easy for someone to intercept your traffic and probe a vulnerable server until they find a way to decrypt it, remember that your control over the internet stops at your firewall.
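The inventory check described above, as an added example that is not part of the original post: it groups endpoints by key, so a server with SSLv2 disabled is still flagged when its key also sits on a server that answers SSLv2. Host names, key labels and the `sslv2` probe results are constructed sample data.

```python
from collections import defaultdict
from typing import NamedTuple

class Endpoint(NamedTuple):
    host: str
    port: int
    key_id: str   # label for the private key in use (constructed placeholder)
    sslv2: bool   # True if this endpoint answered an SSLv2 handshake when probed

# Constructed sample inventory, not real hosts or keys.
INVENTORY = [
    Endpoint("www.example.test", 443, "KEY-A", False),
    Endpoint("mail.example.test", 25, "KEY-A", True),
    Endpoint("mail.example.test", 993, "KEY-A", False),
    Endpoint("legacy.example.test", 443, "KEY-B", True),
    Endpoint("api.example.test", 443, "KEY-C", False),
]

def audit(inventory):
    """Map 'host:port' -> (status, key_id, SSLv2 endpoints sharing the key)."""
    by_key = defaultdict(list)
    for ep in inventory:
        by_key[ep.key_id].append(ep)
    report = {}
    for key_id, eps in by_key.items():
        offenders = sorted(f"{e.host}:{e.port}" for e in eps if e.sslv2)
        for ep in eps:
            name = f"{ep.host}:{ep.port}"
            if ep.sslv2:
                status = "direct"      # supports SSLv2 itself
            elif offenders:
                status = "shared-key"  # clean config, but key is on an SSLv2 endpoint
            else:
                status = "ok"
            report[name] = (status, key_id, [o for o in offenders if o != name])
    return report

def keys_to_silo(report):
    """Keys to keep off other servers until SSLv2 is disabled on every holder."""
    return sorted({key for status, key, _ in report.values() if status != "ok"})

if __name__ == "__main__":
    result = audit(INVENTORY)
    for name, (status, key, via) in sorted(result.items()):
        print(f"{name:26} {status:10} {key} {'via ' + ', '.join(via) if via else ''}")
    print("fix or silo:", keys_to_silo(result))
```

Grouping is by key rather than by certificate because two different certificates issued for the same key pair share the same exposure.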
The sky may not be falling, but there’s definitely a storm brewing. Be sure SSLv2 is disabled on every server that has your keys. As always, we’re here to help.