Over 25 of the most popular websites, including Facebook and Paypal, are vulnerable to attacks because of the resurgence of a 19-year-old exploit dubbed ROBOT. The flaw was first discovered in 1998 by Swiss cryptographer Daniel Bleichenbacher. However, security researchers found that the exploit can still be used against websites today.
ROBOT (Return of Bleichenbacher's Oracle Threat), is a variant of the 1998 security vulnerability in the transport layer security protocol for web encryption that affected TLS servers that uses RSA encryption.
According to security researchers Hanno Böck and Juraj Somorovsky from Hackmanit GmbH, Ruhr University Bochum, and Tripwire VERT's Craig Young, the server implementation flaw could allow hackers to perform RSA decryption and key signing. This would allow them to decrypt traffic on the targeted website, in turn causing the website to leak sensitive information.
ArsTechnica reported that the flow could also allow hackers to decrypt ciphertext even without having access to the secret decryption key. Rather than rewriting or discarding the flaw, security experts came up with workarounds that suppressed the error messages.
Researchers found that around 27 of the top 100 most popular websites, as ranked by Alexa, were vulnerable to the ROBOT exploit. Around 2.8% of the top one million sites were also found to be vulnerable to the same attack.
"We were able to identify eight vendors and open source projects and a significant number of hosts that were vulnerable to minor variations of Bleichenbacher's adaptive-chosen ciphertext attack from 1998. The most notable fact about this is how little effort it took us to do so. We can, therefore, conclude that there is insufficient testing of modern TLS implementations for old vulnerabilities," the researchers said in a paper.
"The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight," the researchers said in a blog. "This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack."