Encryption

BREACH Compression Attack Steals SSL Secrets

msm1267 writes "A serious attack against ciphertext secrets buried inside HTTPS responses has prompted an advisory from Homeland Security. The BREACH attack is an offshoot of CRIME, which was thought dead and buried after it was disclosed in September. Released at last week's Black Hat USA 2013, BREACH enables an attacker to read encrypted messages over the Web by injecting plaintext into an HTTPS request and measuring compression changes. Researchers Angelo Prado, Neal Harris and Yoel Gluck demonstrated the attack against Outlook Web Access (OWA) at Black Hat. Once the Web application was opened and the BREACH attack was launched, within 30 seconds the attackers had extracted the secret. 'We are currently unaware of a practical solution to this problem,' said the CERT advisory, released one day after the Black Hat presentation."
  • by mstefanro ( 1965558 ) on Monday August 05, 2013 @08:00PM (#44482017)

    This is quite an ingenious attack, but I am very surprised it has taken people so long to find it, as it is very straightforward and easy to understand conceptually. Makes you wonder "how did I not think of that".

    Although it may seem like the requirements of a successful attack are difficult to achieve, this may not be the case.
    It is usually very easy to inject some plain-text in the source code of webpages.

    On Facebook:
    https://www.facebook.com/photo.php/INJECT_WHATEVER_YOU_WANT_HERE/
    If you view the source of that URL you can see the text "INJECT_WHATEVER_YOU_WANT_HERE" appears 3 times in the source code.
    By appending the query string, on YouTube:
    https://www.youtube.com/watch?v=hLkugwOYbFw&INJECT_WHATEVER_YOU_WANT_HERE
    And on Google:
    https://www.google.com/?INJECT_WHATEVER_YOU_WANT_HERE

    That means that an attacker can extract secret information from a lot of the HTTPS pages that you're visiting.

    When I first read about this attack, the first fix that came into my mind was to just append /* [random text of random size] */ to all text/html responses. But this may cause trouble: if the random padding is too large, the purpose of compression is defeated. If it is too small, workarounds may be found.

    Maybe it is time to start thinking of algorithms that perform compression and encryption together, not separately?
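
Added example (not part of the original comments): an offline self-check, using a constructed page and a made-up token, that measures the compressed-length difference the thread describes and what random-length padding costs in bytes. The template, token value and function names are assumptions, and the padding here is an HTML comment rather than the `/* */` form mentioned above.

```python
import random
import zlib

# Constructed sample: a made-up secret and a reflected request value that
# end up in the same compressed response body.
SECRET = "csrf_token=9f3ac27e51b8"
TEMPLATE = ("<html><body><form><input value='{secret}'></form>"
            "<p>You searched for: {reflected}</p></body></html>")
HEX = "0123456789abcdef"

def render(reflected, pad_max=0, rng=random):
    """Build the body; pad_max > 0 appends a random-length comment."""
    body = TEMPLATE.format(secret=SECRET, reflected=reflected)
    if pad_max:
        n = rng.randint(0, pad_max)
        body += "<!--" + "".join(rng.choice(HEX) for _ in range(n)) + "-->"
    return body.encode()

def compressed_len(body):
    """Size visible on the wire (DEFLATE, the algorithm behind gzip)."""
    return len(zlib.compress(body, 9))

def length_gap():
    """Bytes saved when the reflected text repeats part of the secret."""
    repeats = compressed_len(render("csrf_token=9f3a"))
    differs = compressed_len(render("csrf_token=zqxw"))
    return differs - repeats

def padding_report(pad_max, trials=200, seed=1):
    """Average size cost and size spread introduced by the padding."""
    rng = random.Random(seed)
    base = compressed_len(render("hello"))
    sizes = [compressed_len(render("hello", pad_max, rng))
             for _ in range(trials)]
    return {"overhead": sum(sizes) / trials - base,
            "spread": max(sizes) - min(sizes)}

if __name__ == "__main__":
    print("length gap without padding:", length_gap(), "bytes")
    for pad_max in (8, 64, 512):
        print(pad_max, padding_report(pad_max))
```

A positive gap means the page compresses a secret together with request-controlled text; the report shows how many bytes each padding size adds on average against how much it varies the response length.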

  • by Anonymous Coward on Monday August 05, 2013 @08:30PM (#44482167)

    You can start to figure out how to render the page as soon as you have the HTML (and JavaScript, CSS etc.). It's on the critical path, as the HTML is what tells you what else to download, like images. Any speed-up in transferring the HTML directly leads to lower latency on loading a webpage. Text compresses very well so the reduction is significant. The text is much larger than you think for large pages or even for small pages when you include JavaScript, CSS and so on. Even HTTP headers are now being compressed and that on its own turns out to be worthwhile. This is especially significant on mobile where bandwidth is low, latency is high and every bit transferred costs money (if you are not on an unlimited plan) and drains the battery.
