Just $104 to exploit the FREAK flaw and hit the NSA website

Pierluigi Paganini March 07, 2015

Researchers hack NSA’s website with only $104 and 8 hours of Amazon’s cloud computing power using the #FREAK vulnerability

A team of researchers demonstrated that it is possible to exploit the FREAK vulnerability to hack the official NSA website by using 8 hours of Amazon’s cloud computing power and spending only $104.

The researcher made a proof of concept for this attack only using a “few ingredients”; a collection of tools to run the MITM attack, the ability to (quickly) factor 512-bit RSA keys, a vulnerable client and server.

PoC was prepared by Karthik Bhargavan and Antoine Delignat-Lavaud at INRIA, the two researchers assembled an MITM proxy that can capture connections and modify them on fly to force the export-RSA against a vulnerable website.
“To factor the 512-bit export keys, the project enlisted the help of Nadia Heninger at U. Penn, who has been working on “Factoring as a Service” for exactly this purpose. Her platform uses cado-nfs on a cluster of EC2 virtual servers, and (with Nadia doing quite a bit of handholding to deal with crashes) was able to factor a bunch of 512-bit keys — each in about 7.5 hours for $104 in EC2 time.”

In reality, it is profoundly wrong to define a hack the exploitation of the FREAK flaw to run a MITM attack against the NSA website, the researchers haven’t compromised the server that is hosting the government site.

nsa fake copy for FREAK attack

“Some will point out that an MITM attack on the NSA is not really an ‘MITM attack on the NSA’ because NSA outsources its web presence to the Akamai CDN (see obligatory XKCD at right). These people may be right, but they also lack poetry in their souls.” explained the crypto expert Matthew Green.

FREAK cartoon

FREAK is major security SSL/TLS vulnerability recently discovered that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of legitimate and secure websites. By exploiting the FREAK flaw an attacker can force clients to use older and weaker encryption, then he can crack the traffic protected with 512-bit key encryption in a few hours. Once decrypted the traffic a threat actor can steal sensitive information or launch an attack by injecting malicious code. According to a security advisory published by Microsoft all supported versions of Windows are affected by the recently discovered FREAK vulnerability

The list of websites vulnerable to the FREAK flaw includes sites belonging illustrious organizations and Intelligence agencies like the NSA.gov, FBI.gov and Whitehouse.gov.

“Based on some recent scans by Alex Halderman, Zakir Durumeric and David Adrian at University of Michigan, it seems that export-RSA is supported by as many as 5.2% 36.7% (!!!!) of the 14 million sites serving browser-trusted certs. The vast majority of these sites appear to be content distribution networks (CDN) like Akamai. Those CDNs are now in the process of removing export grade suites.” states Matthew Green.

A part of the security community considers the FREAK vulnerability an intentioned vulnerability introduced by governments in order to conduct surveillance activities.

FREAK is a “good example of what can go wrong when government asks to build weaknesses into security systems,” ​wrote Ed Felten, another respected professor of computer science at Princeton University.

Back in 1990s it was allowed a maximum key length of 512 bits for “export-grade” encryption, the situation changed in 2000 due to a modification of the US export laws. Starting from 2000 vendors were allowed to include 128-bit ciphers in the products that were distributed all over the world. The experts that found the FREAK vulnerability discovered that the “export-grade” cryptography support was never removed.

“In the current climate, it felt like the appropriate website to mount a man-in-the-middle attack on,” Said Bhargavan who is the member of the group that disclosed the bug.

Among other vulnerable websites, there is connect.facebook.net, which hosts the script for Facebook’s “Like” and login button that are included in several websites on the Internet.

At the time I’m writing, the NSA is vulnerable to the FREAK attack, despite the website doesn’t contain sensitive information experts speculate that it has a careers session. A threat actor exploiting the FREAK flaw could potentially steal the credentials of would-be NSAers and access their job applications, as reported by Motherboard website.

Pierluigi Paganini

(Security Affairs –  FREAK, NSA )

you might also like

leave a comment