This website uses cookies. By continuing to browse this website, you accept our use of cookies and our Cookie Policy. Close
Wednesday, Jul 15, 2015

RC4 NOMORE - Decrypting Cookies In Just 52 Hours

Share

Carl Leonard Principal Security Analyst

<p>
Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have shown that they can exploit weaknesses in the RC4 algorithm in order to decrypt web cookies used to store end-user content when communicating with HTTPS-enabled websites.</p>

<p>
<a href="https://en.wikipedia.org/wiki/RC4">RC4</a>&nbsp;is one of several algorithms used to encrypt content for use with TLS.&nbsp; RC4 was designed almost 30 years ago and has since been shown to be vulnerable to attack.</p>

<p>
<em>[UPDATED 17 July 2015]</em></p>

<p>
According to the International Computer Science Institute at Berkeley University of California around&nbsp;<a href="http://notary.icsi.berkeley.edu/">12.8% of cipher-suites</a>&nbsp;observed in the last 30 days still use the RC4 encryption algorithm.&nbsp;Our own research has indicated that 44 of the top 100 Alexa sites support at least one RC4 cipher suite at this time.</p>

<p>
We strongly encourage webmasters to re-consider their use of RC4.&nbsp; Any website can be quickly checked with online tools such as Qualys SSL Labs&#39; SSL Server Test tool. &nbsp; The aim is to not see RC4 listed in the &quot;Cipher Suites&quot; section as this analysis on our websense.com site shows:&nbsp;<a href="https://www.ssllabs.com/ssltest/analyze.html?d=websense.com&amp;s=204.15...

<p>
<img alt="" src="/sites/default/files/blog/legacy/8688.websense_ssl_server_test.png-550x0.png" style="height:215px; width:549px" /></p>

<h3>
Implications</h3>

<p>
The recently discovered attack, dubbed RC4 NOMORE (<strong>N</strong>umerous&nbsp;<strong>O</strong>ccurrence&nbsp;<strong>MO</strong>nitoring &amp;&nbsp;<strong>R</strong>ecovery&nbsp;<strong>E</strong>xploit), will be presented at the upcoming USENIX Security Symposium scheduled for mid-August&nbsp;in Washington, D.C.</p>

<p>
Previous attacks against RC4 took in the region of 2000 hours to complete, but the method used by Vanhoef and Piessens has proven to be successful in as little as 52 hours in real-world applications.&nbsp; The implications are that an attacker with Man-In-The-Middle (MITM) capabilities could&nbsp;<em>trigger</em>&nbsp;a user to access code that generates the required data for the process to successfully determine the required cookie data.&nbsp; Within a short time the attacker could then log on to a website on behalf of the target, using the generated cookie data.</p>

<h3>
<strong>Recommendations</strong></h3>

<p>
RC4 should be considered unreliable as a method to achieve secure data&nbsp;encryption.&nbsp; Given the time frame in which an attacker could successfully decrypt a web cookie, consideration should be given to moving away from use of RC4.</p>

<h3>
Reference Material</h3>

<p>
The RC4 NOMORE attack is summarized on a newly-registered, dedicated website:&nbsp;<a href="http://www.rc4nomore.com/">http://www.rc4nomore.com/</a></p>

<p>
The full paper describing the attack is available here:&nbsp;<a href="http://www.rc4nomore.com/vanhoef-usenix2015.pdf">http://www.rc4nomore.co...

<p>
Details on the 24th USENIX Security Symposium are available here:<a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/pr...

<p>
We will continue to monitor for developments related to weaknesses in RC4 and other encryption algorithms.</p>

About the Author

Carl Leonard

Principal Security Analyst

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...