Blog / Robot Attack – Vulnerability in RSA Encryption by Public Safety Canada
Weak encryption is being used all around you. So much so that security researchers have recently pointed light to this. Following suit, Public Safety Canada has issued a warning about RSA encryption.
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2017/al17-014-en.aspx
This new vulnerability has been dubbed the Robot Attack
What is encryption?
Encryption is what happens when 2 computers setup secure communications between them. This happens all the time for protocols like HTTPS.
Rather than communicating in plain text so everyone can listen in and read the contents, the 2 computers agree on a method of encrypting the data to hide it. As a side benefit this method of communications also makes it obvious when somebody gets in the middle and attempts to decode the information.
In a previous newsletter I actually went into a bit on how encryption works. If you’re curious about that, here is a link to that on Facebook .
Why is RSA still around?
Honestly, the original intent was good. It’s been left in place for backwards compatibility reasons, at least originally.
When 2 devices want to encrypt communications between each other, they transmit which encryption options they are capable of. If there’s no common encryption method, then the process fails. Generally speaking, stronger methods of encryption are preferred.
In the early days of encryption there were issues with distribution of algorithms and very few to choose from. So, leaving those old protocols as a fallback option made sense. The problem now is that nobody thought to remove them … EVER!
How does it work?
The attacker simply records the traffic. After the fact (if it used RSA based encryption), they can decode it without much effort. Encryption is great for detecting that someone is sitting in the middle of your communications. It’s not able to detect if anyone is listening. But then, the idea with encryption is that it’s not supposed to matter if people listen. They shouldn’t be able to decode the message.
What can you do to protect yourself?
The short answer is, don’t use RSA for your encrypted traffic, EVER! How you go about doing that really depends on what sort of device or service you’re talking about. If you’re referring to a network device like a firewall, then this probably needs to be handled by a vendor patch. If you’re talking about software, then it depends. Some software may require a vendor patch to fix this. Other software could allow you to configure it in such a way as to control what encryption methods are used.
Windows, for example allows you to configure this. It can be done very easily by using group policy rules. At the same time, older software may not support the use of modern encryption methods. As some of you may remember, WANNACRY infected a lot of computers this summer. During that time it was revealed that the majority of the UK healthcare system still used XP. Windows XP does not support modern encryption methods. So don’t go messing around without looking into your network, you may break it.
Scanning for weak and vulnerable SSL ciphers is done as a standard part of the new Network Security Assessment service that Trinus offers. If you’re wondering about this, you can always reach out to your TRINUS Account Manager for some stress-free IT.