LogJam: A New Encryption Flaw that Puts Most Internet Users at Risk
Written by Karolis Liucveikis on
Over the last several months, there has been a flood of exploits targeting commonly used encryption standards. These standards, which were designed to secure server-client sessions from man-in-the-middle attacks, are used by websites around the world. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both cryptographic security measures that were created to protect sensitive data transmissions across computer networks. The Heartbleed bug, which affected millions of websites using the OpenSSL protocol, was the first major cryptographic vulnerability to make headlines. Then it was POODLE. Then came FREAK. All of these vulnerabilities allowed hackers to hijack secure Web sessions – providing these hackers with the opportunity to steal sensitive personal information (often without the victim knowing anything was wrong until it was too late).
Most of these vulnerabilities have since been corrected but a new vulnerability has been discovered. Known as LogJam, the latest threat to SSL/TLS sessions shares many similarities to the FREAK vulnerability. Like FREAK, LogJam allows attackers to both read and modify sensitive data passing through encrypted connections used by hundreds of thousands of websites, mail servers, and other Internet services relying on HTTPS for session integrity.
This is accomplished by downgrading the encrypted connection between a user and a Web (or email) server; essentially forcing the server to use an extremely weak 512-bit encryption key that can be easily decrypted using a standard PC.
In other words, an NSA supercomputer is NOT needed to decrypt the supposedly secure connection. Any computer with a modern processor is capable of breaking the encryption key within minutes. LogJam was first discovered a few months ago by a crypto researcher from John Hopkins University - Matthew Green - in conjunction with security experts from both the University of Michigan and the French Institute for Research in Computer Science and Automation (Inria), a French security research firm. This team of researchers published a detailed report explaining the flaw; a report that hackers have been using to exploit this vulnerability since its discovery. You may recall this blog reporting on the FREAK (Factoring Attack on RSA-EXPORT Keys) downgrade-encryption flaw in March.
FREAK is an implementation flaw. LogJam, on the other hand, is due to a flaw in the design of the TLS protocol itself. This means that all Web Browsers and many mail servers that rely on TLS to create secure connections are vulnerable to exploitation by the LogJam vulnerability. Like FREAK, LogJam relies on dated export-grade security encryption instituted in the 90s by the US government. If US-based software manufacturers wanted their software products to be used abroad, DHE_EXPORT cipher suites were required that restricted encryption to no more than 512 bits. This allowed the FBI, NSA, and other US intelligence agencies to easily break the encryption standards used by foreign entities. Much of this information only became known as a result of the documentation leaked by former NSA contractor Edward Snowden. LogJam can be used to exploit any number of servers that support a widely-used cryptographic algorithm known as the Diffie-Hellman key exchange. This algorithm allows protocols including HTTPS, SSH, SMTPS, and IPSEC to negotiate a secret key in order to create a secure connection between server and client machines. The LogJam vulnerability is concerning for the following reasons: Hackers can trick a Web browser into believing that it is using a standard encryption key instead of the export key. Most PCs reuse the same large numbers to generate keys; making them easier to crack.
The flaw has been present for over 20 years and affects HTTPS, SSH, IPsec, SMTPS, and any other protocol relying on TLS for encryption.
At the time of this writing, LogJam affects any server that supports DHE_EXPORT ciphers and all modern Web browsers. This means that nearly 10% of the top one million websites and a significant percentage of email servers are vulnerable to LogJam. You can check if your current browser configuration is vulnerable to LogJam (or any other exploit that relies on the Diffie-Hellman key exchange to function) by clicking here. Most popular Web browsers remain vulnerable to LogJam as of this writing although some browser manufacturers are working to increase security measures in an effort to block LogJam.
The Google security team, for instance, is already working to increase the SSL requirement of the Chrome browser to 1024 bit – effectively eliminating the threat of LogJam, FREAK, or any other [yet undiscovered] vulnerability that relies on the antiquated DHE_EXPORT cipher to hijack secure client-server sessions. To protect yourself from this threat, security researchers recommend that server administrators disable support for DHE_EXPORT cipher suites. Any export-grade cipher suite that allows Diffie-Hellman connection algorithms to be downgraded to 512-bits is at risk. Server administrators should generate a new, unique 2048-bit Diffie-Hellman group.
End users should install any browser and/or email client upgrades as they become available to avoid becoming a victim of a hijacked session as a result of LogJam and developers should use the latest libraries (regardless of programming language) while rejecting any Diffie-Hellman groups that are shorter than 1024-bits.
As always, ensuring your PC is updated regularly (OS, third-party applications, Web browser plugins, and security suites) helps to protect your PC from a variety of threats. That said, remember that LogJam, FREAK, and any other vulnerability that exploits the antiquated DHE_EXPORT cipher suite affects the client Web browser and the server hosting the ‘secure’ connection. Due diligence is required to ensure sensitive personal information isn’t compromised by a man-in-the-middle attack using LogJam or a similar threat.
▼ Show Discussion