The attack can compromise a website’s RSA encryption by decrypting the data using the private key of the TLS server. It was possible because of the vulnerability present in the RSA algorithm used in SSL protocol, exploited by Bleichenbacher.
Now, the security researchers have managed to revive it in the name of ROBOT attack by slightly modifying things and make it work on the SSL’s successor TLS (Transport Layer Security).
In a blog spot, the researchers said that the vulnerabilities revealed by Bleichenbacher weren’t removed but countermeasures were added in the SSL successor TLS protocol. “Later research showed that these countermeasures were incomplete leading the TLS designers to add more complicated countermeasures.”
The worst affected products and websites are the ones which only use RSA encryption key exchanges. It’s possible for the attacker to perform MITM attacks to capture network traffic and decrypt the same later. For the websites that support a vulnerable RSA encryption key exchange but use forward secrecy, the level of risk depends on how fast the attacker can perform the attack.
The researchers found that 27 out of the Alexa top 100 websites are exploitable. This includes Facebook which already got fixed back in October, according to Forbes. Otherwise, it would have allowed an attacker to compromise people’s accounts. Another big name is PayPal. Further, the list includes affected products from Cisco, F5, Citrix.
The researchers have provided the details about security patches from affected vendors in the blog post which also includes the tools that can be used to test the Robot attack.
For end-users, there is nothing to do because the Robot attack exploits server-side vulnerabilities. Also, the attack doesn’t affect Bitcoins. The cryptocurrency uses Elliptic Curve Diffie Hellman key exchange instead of RSA. However, there is an indirect hard way the attack could be performed.
