Research Reveals How to Break SSL With a Thirteen-Year-Old RC4 Weakness

REDWOOD SHORES, Calif., March 26, 2015 (GLOBE NEWSWIRE) — Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its latest Hacker Intelligence Initiative (HII) report, “Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness.” Authored by the company’s Application Defense Center (ADC) research team, the report reveals new attack vulnerabilities on the popular Transport Layer Security (TLS/SSL) protocol, which is currently used to protect as many as 30 percent of all SSL transactions, a number that may equate up to billions of TLS connections per day.

The Reach of This Threat

SSL, believed to be the most widely-used secure communications protocol on the Internet today, is used for securing a wide variety of application-level traffic. Serving as the basis of the HTTPS protocol for securing web browsing, it is used in conjunction with IMAP or SMTP to cryptographically protect email traffic, as well as being a popular tool to secure communication with embedded systems, mobile devices, and in payment systems.

Considering the popularity of SSL in Internet connections, it would only make sense that this protocol is completely secure. However, in the last few years, several significant vulnerabilities have been discovered in the SSL protocol. The Imperva research team has discovered that using the RC4 algorithm, known to be a weak cipher for many years, is putting users’ sensitive data at risk.

Report Examines Several Attack Specifics:

  • The new attack can leak SSL protected data in 1 out of 16 million RC4 encryptions, summing up to thousands of secure messages that are potentially compromised every day.
  • A new Man-in-the-Middle attack, similar to the BEAST vulnerability first discovered in 2011, on SSL with RC4. This attack allows the attacker to extract partial information from the protected data. The Imperva research shows that this leakage is significant, facilitating faster brute force attacks on things such as passwords, credit card numbers, and session cookies.
  • The new attack is more “stable” than previously published attacks on SSL and works in more scenarios, e.g., when the attacker tries to steal short-lived session cookies.
  • A passive variant of the attack (believed to be the first passive attack on SSL) leaks secret information of a random victim.
  • Every single time someone uses SSL with RC4 to protect their data, that person has a small but non-negligible chance to have his data compromised.

“The research team that comprises the Application Defense Center is continually updating existing work, exploring new vulnerabilities and publishing reports that provide insight and guidance on the latest threats,” said Itsik Mantin, director of security research, Imperva. “This latest research on the vulnerabilities affecting up to billions of TLS connections every day, is just another example of how we’re helping to alert users of online threats, while providing actionable guidance on how security professionals can protect their organization from the latest threats.”

How to Protect Against an Attack

From this latest research published by the ADC, Imperva encourages web administrators to disable RC4 in their SSL configuration; web users to disable RC4 in their browser SSL configuration; and browser providers to remove RC4 from their SSL cipher list.

For a full copy of the Imperva report “Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness,” please visit http://www.imperva.com/download.asp?id=489.

About Imperva

Imperva® (NYSE:IMPV), is a leading provider of cyber security solutions that protect business-critical data and applications. The company’s SecureSphere, Incapsula and Skyfence product lines enable organizations to discover assets and risks, protect information wherever it lives – in the cloud and on-premises – and comply with regulations. The Imperva Application Defense Center, a research team comprised of some of the world’s leading experts in data and application security, continually enhances Imperva products with up-to-the minute threat intelligence, and publishes reports that provide insight and guidance on the latest threats and how to mitigate them. Imperva is headquartered in Redwood Shores, California. Learn more: www.imperva.com, our blog, on Twitter.

© 2015 Imperva, Inc. All rights reserved. Imperva, the Imperva logo, SecureSphere, Incapsula and Skyfence are trademarks of Imperva, Inc. and its subsidiaries.

CONTACT: Media Contact:          Anne Trapasso          312-552-6327          atrapasso@vocecomm.com

Imperva Logo

Imperva