Tech

RC4 NOMORE crypto exploit used to decrypt user cookies in mere hours

Websites using RC4 encryption need to change their protocols as exploits using design flaws are now far easier to perform.

Written by Charlie Osborne, Contributing Writer July 20, 2015 at 3:21 a.m. PT

A fresh warning concerning the use of RC4 to support secure communication channels online has been issued after researchers were able to exploit the protocol to decrypt user data in mere hours.

Researchers Mathy Vanhoef and Frank Piessens from the University of Leuven, Belgium, have demonstrated a way to exploit weaknesses in the Rivest Cipher 4 (RC4) encryption algorithm in order to decrypt web cookies, potentially placing end-user stored content at risk.

RC4 is one of several options for supporting content encryption through Transport Layer Security (TLS), a channel used to prevent third parties from spying upon data transmissions between servers and users. While widely used today by a number of websites in secure data transfers, the algorithm was designed roughly 30 years ago and is vulnerable to modern-day cyberattacks.

The team's discovery, explored in a Wensense blog post, details a recently discovered exploit called RC4 NOMORE (Numerous Occurrence Monitoring & RecoveryExploit). The attack takes advantage of cryptographic flaws to decrypt web cookies which store user data in as little as 52 hours -- a far cry from an average of 2000 hours in previous attacks using RC4 weaknesses.

Featured

"The implications are that an attacker with man-in-the-middle (MITM) capabilities could trigger a user to access code that generates the required data for the process to successfully determine the required cookie data," the researchers said.

"Within a short time the attacker could then log on to a website on behalf of the target, using the generated cookie data."

According to the International Computer Science Institute at Berkeley University of California, approximately 13 percent of cipher-suites used by webmasters worldwide still use the RC4 encryption algorithm, which places hundreds of thousands of websites -- and the data of their users -- at risk.

Security firm Websense believes RC4 should now be considered an "unreliable" method of supporting secure data encryption. Mozilla recommends disabling the algorithm when possible due to weaknesses in the encryption algorithm's structure. The company attempted to remove the algorithm completely in previous versions of the Firefox browser, however, the protocol is still in use due to telemetry data. Microsoft began reducing reliance on RC4 with Internet Explorer 11 by removing the algorithm from the initial TLS handshake.

The researcher's findings will be presented at the USENIX Security Symposium in Washington, DC next month. Carl Leonard, Principal Security Analyst at Websense told ZDNet:

"When fundamental weaknesses like that discovered in the RC4 algorithm are made public, businesses need to sit up, listen and take effective action. RC4, designed almost 30 years ago, has been shown to be vulnerable to attack, exposing businesses to real threats which could potentially expose intellectual property and financial data by decrypting a cookie in just 52 hours.
Given the time frame, and with 44 of the top 100 Alexa sites still supporting RC4 and currently susceptible, RC4 has again proven to be a highly unreliable method to achieve secure data encryption."