FacebookTwitterLinkedIn

LogJam: A New Encryption Flaw that Puts Most Internet Users at Risk

Karolis Liucveikis Written by on

Over the last several months, there has been a flood of exploits targeting commonly used encryption standards. These standards, which were designed to secure server-client sessions from man-in-the-middle attacks, are used by websites around the world. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both cryptographic security measures that were created to protect sensitive data transmissions across computer networks. The Heartbleed bug, which affected millions of websites using the OpenSSL protocol, was the first major cryptographic vulnerability to make headlines. Then it was POODLE. Then came FREAK. All of these vulnerabilities allowed hackers to hijack secure Web sessions – providing these hackers with the opportunity to steal sensitive personal information (often without the victim knowing anything was wrong until it was too late).

Most of these vulnerabilities have since been corrected but a new vulnerability has been discovered. Known as LogJam, the latest threat to SSL/TLS sessions shares many similarities to the FREAK vulnerability. Like FREAK, LogJam allows attackers to both read and modify sensitive data passing through encrypted connections used by hundreds of thousands of websites, mail servers, and other Internet services relying on HTTPS for session integrity.

This is accomplished by downgrading the encrypted connection between a user and a Web (or email) server; essentially forcing the server to use an extremely weak 512-bit encryption key that can be easily decrypted using a standard PC.

In other words, an NSA supercomputer is NOT needed to decrypt the supposedly secure connection. Any computer with a modern processor is capable of breaking the encryption key within minutes. LogJam was first discovered a few months ago by a crypto researcher from John Hopkins University - Matthew Green - in conjunction with security experts from both the University of Michigan and the French Institute for Research in Computer Science and Automation (Inria), a French security research firm. This team of researchers published a detailed report explaining the flaw; a report that hackers have been using to exploit this vulnerability since its discovery. You may recall this blog reporting on the FREAK (Factoring Attack on RSA-EXPORT Keys) downgrade-encryption flaw in March.

logjam1

FREAK is an implementation flaw. LogJam, on the other hand, is due to a flaw in the design of the TLS protocol itself. This means that all Web Browsers and many mail servers that rely on TLS to create secure connections are vulnerable to exploitation by the LogJam vulnerability. Like FREAK, LogJam relies on dated export-grade security encryption instituted in the 90s by the US government. If US-based software manufacturers wanted their software products to be used abroad, DHE_EXPORT cipher suites were required that restricted encryption to no more than 512 bits. This allowed the FBI, NSA, and other US intelligence agencies to easily break the encryption standards used by foreign entities. Much of this information only became known as a result of the documentation leaked by former NSA contractor Edward Snowden. LogJam can be used to exploit any number of servers that support a widely-used cryptographic algorithm known as the Diffie-Hellman key exchange. This algorithm allows protocols including HTTPS, SSH, SMTPS, and IPSEC to negotiate a secret key in order to create a secure connection between server and client machines. The LogJam vulnerability is concerning for the following reasons: Hackers can trick a Web browser into believing that it is using a standard encryption key instead of the export key. Most PCs reuse the same large numbers to generate keys; making them easier to crack.

The flaw has been present for over 20 years and affects HTTPS, SSH, IPsec, SMTPS, and any other protocol relying on TLS for encryption.

At the time of this writing, LogJam affects any server that supports DHE_EXPORT ciphers and all modern Web browsers. This means that nearly 10% of the top one million websites and a significant percentage of email servers are vulnerable to LogJam. You can check if your current browser configuration is vulnerable to LogJam (or any other exploit that relies on the Diffie-Hellman key exchange to function) by clicking here. Most popular Web browsers remain vulnerable to LogJam as of this writing although some browser manufacturers are working to increase security measures in an effort to block LogJam.

logjam2

The Google security team, for instance, is already working to increase the SSL requirement of the Chrome browser to 1024 bit – effectively eliminating the threat of LogJam, FREAK, or any other [yet undiscovered] vulnerability that relies on the antiquated DHE_EXPORT cipher to hijack secure client-server sessions. To protect yourself from this threat, security researchers recommend that server administrators disable support for DHE_EXPORT cipher suites. Any export-grade cipher suite that allows Diffie-Hellman connection algorithms to be downgraded to 512-bits is at risk. Server administrators should generate a new, unique 2048-bit Diffie-Hellman group.

End users should install any browser and/or email client upgrades as they become available to avoid becoming a victim of a hijacked session as a result of LogJam and developers should use the latest libraries (regardless of programming language) while rejecting any Diffie-Hellman groups that are shorter than 1024-bits.

As always, ensuring your PC is updated regularly (OS, third-party applications, Web browser plugins, and security suites) helps to protect your PC from a variety of threats. That said, remember that LogJam, FREAK, and any other vulnerability that exploits the antiquated DHE_EXPORT cipher suite affects the client Web browser and the server hosting the ‘secure’ connection. Due diligence is required to ensure sensitive personal information isn’t compromised by a man-in-the-middle attack using LogJam or a similar threat.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal

Top Removal Guides
Latest News
Blog