According to a recent paper published jointly by researchers from Ruhr University, Tel Aviv University, Paderborn University, and the German Federal Office for Information Security, a team of cybersecurity researchers has discovered a theoretical attack on the Transport Layer Security (TLS) cryptographic protocol. The attack can be used to decrypt HTTPS traffic between servers and clients and read sensitive communications. The attack has been named “Raccoon” and is described as a man-in-the-middle (MITM) attack that also depends on rare underlying conditions.
What is the “Raccoon Attack”?
A Raccoon attack is a MITM attack that decrypts TLS communications. It requires precise timing measurements against the target server and connections that use the Diffie-Hellman (DH) key exchange. TLS, and the older Secure Sockets Layer (SSL), are used to encrypt HTTPS traffic, allowing everyone to browse, shop, use email, send instant messages, and carry out other online activities without any third party intercepting and reading the data being exchanged.
The Raccoon attack permits attackers to decrypt and read the traffic between the target server and client to obtain personal or confidential information. This attack is particularly difficult to carry out, as it requires incredibly accurate or fortunate timing, TLS 1.2 or an older protocol version, and connections that use and reuse DH keys.
So, how likely are we to see this attack?
This attack relies heavily on the attacker being able to find a vulnerable server on which they can take precise timing measurements. That server must also use and reuse DH keys for its connections while using TLS 1.2, or older, for encryption.
The paper further explains that these measurements help attackers compute the original premaster secret established between the client and the server. This is done by building a set of equations and feeding them to a solver for the Hidden Number Problem (HNP). The recovered premaster secret is then used to decrypt the TLS-encrypted traffic.
Despite the potential to decrypt TLS sessions, it is noted that this attack would be exceptionally difficult for most attackers to utilize. They would have to find a target with specific and rare conditions to be able to perform this attack. Then the attackers would also need to be a short distance from the target server to carry out such precise timing measurements while also needing to observe the original connection.
What should you do?
While the Raccoon attack is difficult to exploit, it is not impossible. Taking measures now can further reduce the risk of falling victim to this new attack.
It is recommended that you install the latest vendor security patches. These include patches from Mozilla, Microsoft (CVE-2020-1596), OpenSSL (CVE-2020-1968), and F5 Networks (CVE-2020-5929).
Verify your server configurations and settings. Are you running on TLS 1.2 or older? Are you reusing DH keys? Check with your server administrators to verify that you are protected.
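One way to check the two questions above against handshakes you have recorded from your own server, as an added example that is not taken from the article or the research paper. The `(version, cipher suite, ServerKeyExchange body)` tuple format, the version strings, and the finding texts are assumptions of this sketch; the sample data is constructed.

```python
import struct
from collections import Counter

LEGACY_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # TLS 1.2 or older
FF_DH_PREFIXES = ("TLS_DH_", "TLS_DHE_")  # finite-field DH only, not ECDH(E)

def parse_server_dh_params(body):
    """ServerDHParams (RFC 5246, 7.4.3): dh_p, dh_g, dh_Ys, each stored as a
    2-byte big-endian length followed by that many bytes."""
    fields, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length for {name}")
        fields.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(fields)  # (p, g, Ys); the signature after them is ignored

def audit(handshakes):
    """handshakes: (version, cipher_suite, ServerKeyExchange body or None).
    Returns sorted findings for the conditions the article lists."""
    seen, findings = Counter(), set()
    for version, suite, ske in handshakes:
        if version not in LEGACY_VERSIONS or not suite.startswith(FF_DH_PREFIXES):
            continue
        findings.add("DH key exchange negotiated on TLS 1.2 or older")
        if suite.startswith("TLS_DH_"):
            findings.add("static DH suite: server DH key is fixed")
        elif ske is not None:
            seen[parse_server_dh_params(ske)] += 1
    if any(count > 1 for count in seen.values()):
        findings.add("DHE public key reused across handshakes")
    return sorted(findings)

def build_ske(*values):
    parts = [v.to_bytes((v.bit_length() + 7) // 8, "big") for v in values]
    return b"".join(struct.pack("!H", len(b)) + b for b in parts) + b"\x00\x00"

# Constructed sample data built with the toy helper above (not real captures).
DHE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
SAMPLE = [
    ("TLSv1.2", DHE, build_ske(0xFFEF, 2, 0x1234)),
    ("TLSv1.2", DHE, build_ske(0xFFEF, 2, 0x1234)),  # same Ys: key reused
    ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", None),
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256", None),
]
print("\n".join(audit(SAMPLE)))
```

An empty result means none of the recorded handshakes used finite-field DH on TLS 1.2 or older; a reuse finding means the server should be reconfigured to generate a fresh DH key per handshake or to drop DH suites.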
For a fuller overview of the Raccoon attack, the researchers who discovered it, and the methods and mathematics behind carrying it out, read the official research paper at https://raccoon-attack.com/RacoonAttack.pdf.