The Heartbleed Bug A vulnerability in the OpenSSL Cryptographic Library
Agenda General overview of the vulnerability Process Heartbleed history Affected sites Exploitation of a vulnerable version of an Apache Server In the news…
Description of the vulnerability Vulnerable: program source files: t1_lib.c and d1_both.c functions are tls1_process_heartbeat() and dtls1_process_heartbeat() The actual breach: memcpy(bp, pl, payload) bp – final destination of the data that needs to be copied; pl – the location of the data that needs to be copied; payload – the amount of data to copy; There is no such thing of empty memory!
Process The attacker can grab 64K of memory per heartbeat Not limited to 1 grab! Common Vulnerabilities and Exposures reference: CVE is the official reference to this bug. Extract sensitive information Read memory Exploit
History Dates back to 2011: Robin Seggelmann, Ph.D. student at the University of Duisburg – Essen implemented the Heartbeat Extension for OpenSSL Introduced in the source code repository on December 31, 2011 Was adopted with the release of OpenSSL version on March 14, 2012 Heartbeat support was enabled by default and discovered on 1 st of April 2014 “The SSL/TLS encryption, by design and implementation it’s meant to protect the information.”
… some affected sites
Target Targeted machine: Linux Distribution for ARM Architecture on RaspberryPI OpenSSL between – f are vulnerable
Source Attack source: Kali Linux Distribution for ARM Architecture on RaspberryPI Nmap –p 443 –script=ssl-heartbleed.nse
Attack Attack source: To exploit this bug we used a custom mass auditing tool crafted by Rhaul Sasi
Attack Attack result: 0002c0b0 65 3a c f 6e 2f 78 |e: application/x| 0002c0c0 2d d 66 6f 72 6d 2d c 65 6e 63 |-www-form-urlenc| 0002c0d0 6f d 0a 0d 0a d |oded....user=Eri| 0002c0e0 6e d f |n&pass=password1| 0002c0f0 4b 3a c2 1e 8c c3 dd 39 b1 e8 de c |K: FA..v|
Observations Heartbeat can appear in different phases of the connection setup… IDS/IPS rules to detect heartbeat have been developed This does not require a MITM attack Only ways to protect is to upgrade to fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.
Am I vulnerable? Several services have been made available to test whether Heartbleed affects a given site: Tenable Network Security wrote a plugin for NESSUS Qualys added dedicated QIDs and developed SSLTest.com Nmap security scanner includes a Heartbleed detection script from version 6.45 Sourcefire has released Snort rules to detect Heartbleed attack traffic and possible response However, many services have been claimed to be ineffective for detecting the bug.
…in the news The Canada Revenue Agency reported the theft of Social Insurance Numbers belonging to 900 taxpayers in 6 hours! Bloomberg: NSA knew about this! Bruce Schneier: “Catastrophic is the right word. On the scale of 1 to 10, this is an 11. Half a million sites are vulnerable, including my own.”
OpenSSL Response Theo de Raadt, founder and leader of the OpenBSD and OpenSSH: “OpenSSL is not developed by a responsible team." OpenSSL core developer Ben Laurie: “OpenSSL is not reviewed by enough people” Software engineer John Walsh: "Think about it, OpenSSL only has two fulltime people to write, maintain, test, and review 500,000 lines of business critical code."
OpenSSL Response OpenSSL foundation’s president, Steve Marquess: “The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often." "The fact that the code change which caused the bug was done by an individual working at 23:00 on a New Year's Eve says a lot. The code simply wasn't reviewed enough and it went undetected for two years."
Thank you! There is higher chance to be a victim of online crime than real life crime!