Researcher Demonstrates Twitter SSL Vulnerability

A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter.

The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, 10 Nov. The exploit takes advantage of a vulnerability reported 5 Nov. by researchers from PhoneFactor. Although the security hole Kurmus took advantage of has reportedly been closed by Twitter, one of the researchers at PhoneFactor who discovered the bug said the exploit underscores the flaw’s significance.

The exploit takes advantage of an SSL renegotiation issue. According to PhoneFactor, the vulnerability partially invalidates the SSL lock and enables attackers to launch attacks that could compromise a variety of sites that use SSL for security—including banking sites, and back-office systems that use Web services-based protocols.

In a paper, PhoneFactor researchers Steve Dispensa and Marsh Ray explained (PDF) that the vulnerability allows a man-in-the-middle attack to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This in turn can lead to a variety of abuses, they contended.

In Kurmus’ case, he took advantage of the flaw to steal Twitter log-in information as it passed through encrypted data streams between client applications and Twitter’s Web servers.

“If a Web application allows users [to] store or transmit arbitrary data from a post request to a location where the user can later retrieve it, an attacker can prefix the victim’s entire HTTP request as a post and then read it back out, gaining access to sensitive information in the process, such as cookies or other authentication credentials,” explained Tom Cross, manager of IBM X-Force Advanced Research, in a blog post. “In Mr. Kurmus’ example he uses this technique to post a victim’s Twitter request to his own Twitter feed, gaining access to the victim’s password.”

“Obviously, a great many Web applications allow users to store or transmit arbitrary data,” Cross continued. “The most obvious examples are Web mail applications—the attacker could essentially e-mail himself a copy of the victim’s cookie. Webmail credentials are a popular target on insecure wireless LANs.”

When news of the vulnerability hit, some in the security community said the bug’s impact was essentially the same as cross-site request forgery, which many Web applications are protected against. However, according to Dispensa, Kurmus’ exploit showed that the bug could have broader implications.

“It’s difficult to predict the implications of a break in a security protocol, however subtle it might be,” Dispensa said in a statement. “I suspect we’ll be uncovering new ways to exploit this protocol flaw for years to come. A complete solution involves patching every SSL client and server in the world, which will take years, so administrators will have to keep a close eye on systems in the meantime. Administrators should deploy countermeasures such as vendor-supplied patches, intrusion detection systems and so on.”