News from the CRIME scene

September 27, 2012 | Technical

The dust from ekoparty, an Argentinian security conference, has settled, and we now have details on CRIME, an attack on the encryption widely used in web browsers.

When we previously talked about CRIME, the details of the attack were speculation. They now appear to have been correct.

To recap, if the attacker can hijack your browser as well as sniff your (encrypted) network traffic, they can perform a chosen-plaintext attack to extract small amounts of information from your session. This information, like a login cookie, can then be used to impersonate you.

Interesting details

A couple of other things have come out that weren’t initially obvious. Actually performing the exploit in the browser can be done in a number of ways, such as query strings in GET requests and image tags in HTML. This is easier than using JavaScript to push requests, especially if you’re attempting to inject cross-site code as an attacker.

It’s also confirmed that the attack affects crypto in more than one context: because the concept is generic (encryption applied to compressed data), regular TLS/SSL and SPDY are both affected.

Mitigation

The real solution is to change how browsers compress data before encrypting it, so that chunks of sensitive data (such as cookies) are compressed independently of attacker-controlled data, which removes the side channel. That fix is still in the pipeline and has to be made at the protocol level (in the case of SPDY), as described by one of Google’s security wizards, so the interim quick fix is simply to disable compression in the crypto layer. Current versions of all major browsers have done this.
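To make the side channel and both fixes concrete, here is an added illustration (not code from the original post) of the mechanism recapped above and the mitigation just described. It uses Python’s `zlib` to stand in for the TLS/SPDY compression layer and a constructed request with a fake session cookie (the cookie value, hostname and guess strings are all invented for the example). It shows that when an attacker-controlled part of the request is compressed together with the secret, the compressed length depends on whether the two match, even though the plaintext length does not; that compressing the secret separately removes that dependency; and how a client context is configured with compression turned off (the interim fix).

```python
import ssl
import zlib

# Constructed example values (not from the original post).
COOKIE = b"sessionid=7f3a9c2e1b"            # the secret the attack tries to learn
OTHER_COOKIE = b"sessionid=0000000000"       # a second secret, used to show independence
CORRECT_GUESS = b"sessionid=7f3a9c2e1b"      # attacker-controlled text equal to the secret
WRONG_GUESS = b"QWERTYUIOPASDFGHJKLZ"        # same length, shares nothing with the secret


def build_request(path: bytes, cookie: bytes) -> bytes:
    """A minimal HTTP request whose path is attacker-controlled and whose
    Cookie header carries the secret. Both guesses give the same length."""
    return (b"GET /" + path + b" HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"Cookie: " + cookie + b"\r\n\r\n")


def compressed_len(data: bytes) -> int:
    """Length of the DEFLATE stream a compression layer would emit."""
    return len(zlib.compress(data, 9))


def length_compressed_together(path: bytes, cookie: bytes) -> int:
    """Pre-fix behaviour: attacker-controlled data and the secret share one
    compression context, so a match produces a back-reference and a shorter
    output. That length is what a sniffer sees on the wire."""
    return compressed_len(build_request(path, cookie))


def length_compressed_separately(path: bytes, cookie: bytes) -> int:
    """Protocol-level fix: the sensitive header is compressed in its own
    context, so the observable length is C(attacker part) + C(secret) and the
    difference between two guesses no longer depends on the secret."""
    attacker_part = build_request(path, b"")
    return compressed_len(attacker_part) + compressed_len(b"Cookie: " + cookie + b"\r\n")


def leak_between_guesses(measure, cookie: bytes) -> int:
    """How many bytes shorter the correct guess is than the wrong one under
    the given measurement scheme. Positive means the length reveals a match."""
    return measure(WRONG_GUESS, cookie) - measure(CORRECT_GUESS, cookie)


def hardened_client_context() -> ssl.SSLContext:
    """Interim fix as applied by browsers: refuse TLS-level compression.
    OP_NO_COMPRESSION is a real ssl module flag; create_default_context()
    already sets it, this makes the choice explicit."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    print("plaintext lengths equal:",
          len(build_request(CORRECT_GUESS, COOKIE)) == len(build_request(WRONG_GUESS, COOKIE)))
    print("bytes leaked when compressed together:",
          leak_between_guesses(length_compressed_together, COOKIE))
    print("difference when compressed separately, cookie 1:",
          leak_between_guesses(length_compressed_separately, COOKIE))
    print("difference when compressed separately, cookie 2:",
          leak_between_guesses(length_compressed_separately, OTHER_COOKIE))
    print("TLS compression disabled:",
          bool(hardened_client_context().options & ssl.OP_NO_COMPRESSION))
```

Run it and the first measurement comes out clearly positive: the request carrying the correct guess compresses to fewer bytes because the cookie is encoded as a back-reference to the attacker’s text. The separately-compressed variant still produces some difference between the two guesses (they are different byte strings), but that difference is identical for both cookies, which is exactly the property the protocol fix needs: nothing about the secret is reflected in the length.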

Other reading

There are plenty more details that we haven’t covered here. If you’re interested, we think these links are worth checking out: