The Next Heartbleed Seems Ready Made for the NSA

First it was Heartbleed, now it's the CCS Injection Vulnerability.

Ben Makuch

Image: Jon Åslund

Turns out the Heartbleed bug, which left millions of consumers scrambling to change their passwords, isn't the only weakness in the much-used OpenSSL code. Just two months after the Heartbleed bug was detected, another OpenSSL vulnerability that leaves users susceptible to a man-in-the-middle style attack has been discovered. This time around, the exploit makes it easier for hostile actors or intelligence agencies to intercept and decrypt encrypted data.

The OpenSSL foundation published a security advisory detailing how an attacker “using a carefully crafted handshake can force the use of weak keying material” to decrypt and modify traffic from the victim and server. Dubbed the “CCS Injection Vulnerability” by security expert Masashi Kikuchi, who discovered the vulnerability, it targets the “handshake” establishing encrypted connections. From there, a hacker can make the computer and server use a weaker key that gives them the ability to decrypt the data being exchanged.
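As an added illustration (not code from the article, OpenSSL, or Kikuchi), the sketch below checks the ordering a TLS server expects in a full handshake: a ChangeCipherSpec (CCS) record from the client must not arrive before the ClientKeyExchange message. The record layout and the ordering rule come from the TLS specification rather than the article; the sample byte streams are constructed, and session resumption and handshake messages fragmented across records are out of scope.

```python
import struct

CCS, HANDSHAKE = 20, 22        # TLS record content types
CLIENT_HELLO = 1               # handshake message types
CLIENT_KEY_EXCHANGE = 16

def records(stream: bytes):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5 : pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        yield ctype, payload
        pos += 5 + length

def handshake_types(payload: bytes):
    """Yield the type of each handshake message in a plaintext record."""
    pos = 0
    while pos + 4 <= len(payload):
        yield payload[pos]
        pos += 4 + int.from_bytes(payload[pos + 1 : pos + 4], "big")

def early_ccs(client_to_server: bytes) -> bool:
    """True if CCS arrives before ClientKeyExchange (full handshake assumed)."""
    seen_cke = False
    for ctype, payload in records(client_to_server):
        if ctype == HANDSHAKE and not seen_cke:
            seen_cke = CLIENT_KEY_EXCHANGE in handshake_types(payload)
        elif ctype == CCS:
            # Everything after CCS is encrypted, so the decision is made here.
            return not seen_cke
    return False

# --- Constructed sample data (hypothetical helpers, dummy message bodies) ---
def rec(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def hs(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

NORMAL = (rec(HANDSHAKE, hs(CLIENT_HELLO, b"\x00" * 4))
          + rec(HANDSHAKE, hs(CLIENT_KEY_EXCHANGE, b"\x00" * 8))
          + rec(CCS, b"\x01") + rec(HANDSHAKE, b"\xaa" * 16))
OUT_OF_ORDER = (rec(HANDSHAKE, hs(CLIENT_HELLO, b"\x00" * 4))
                + rec(CCS, b"\x01")
                + rec(HANDSHAKE, hs(CLIENT_KEY_EXCHANGE, b"\x00" * 8)))

if __name__ == "__main__":
    print("normal flagged:", early_ccs(NORMAL))
    print("out-of-order flagged:", early_ccs(OUT_OF_ORDER))
```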

In other words, any service that uses OpenSSL to protect and encrypt is potentially vulnerable to decryption if the attacker can manage a man-in-the-middle attack, one of the choice tactics employed by NSA spies. It's no secret the NSA wants to decrypt the data of targets like Al Shabaab and Taliban fighters using encrypted communication. A vulnerability like CCS Injection could make that easier.

“People find things when they look,” security expert Robert Masse said. “We get two back to back (vulnerabilities) in the same few months that are pretty large. When people start finding more vulnerabilities in a platform, software or library, more people start looking. It becomes exponential, the amount of people looking for vulnerabilities in this code.” Masse says experts “have always suspected vulnerabilities” in OpenSSL in the past because some parts of the code appeared “complicated” and susceptible to potential exploits.

Masse is an ex-teenage hacker who accessed Soviet research computers and was caught at the age of 15 by the RCMP. He thinks the likely user of such a vulnerability would need ubiquitous network access or a lot of variables to align, to attack the target and sender of data. Something the average hacker can’t come by easily.

“The average hacker would need to be somewhere between the source and destination. Telecom companies have that access, or as we saw with the NSA the government has the ability to do these man-in-the-middle attacks. So it would be something the government could leverage more easily than a hacker,” said Masse.

Last year, in the sea of NSA slides Edward Snowden leaked, one document showed how the spy agency impersonated Google servers in a man-in-the-middle attack on targets. The slide explains how spies hack into the internet router of a target and redirect Google traffic using a fake security certificate, then intercept and decrypt information.

In any case, the vulnerability is definitely “not easy to exploit,” said Masse. According to him, the Internet of Things and new appliances with wifi capability may be at risk too. “Where people are using OpenSSL is when they buy a smart fridge,” said Masse. “Any device using OpenSSL to do encryption will have that vulnerability. But what’s the context of the device? Is it accessible on the internet?”

Masse says the real threat in the short term is to IT departments at companies where expensive commercial routers harbor the vulnerability and aren’t easy to patch. Ultimately, Heartbleed had more fallout for the average user because personal things like banking information or online dating profiles could be exploited by hackers. The latest iteration of OpenSSL weaknesses seems to target the sophisticated internet user who uses encryption to protect against snooping, and who may have drawn the ire of the government. Whether one is worse than the other remains to be seen, but one thing seems certain: more OpenSSL problems are on the horizon.

According to Kikuchi, the CCS Injection vulnerability went unchecked for 16 years because “code reviews were insufficient.” Kikuchi says that the security experts who should’ve known failed in their duties. “They could have detected the problem,” he said in an online explanation of the vulnerability. Who knows how many more unseen vulnerabilities lie in the widely used code, when the security experts charged with finding flaws have a track record of failing to spot them?

While the OpenSSL foundation has provided a patch to deal with the vulnerability (based on a design by Kikuchi), the possibility of more vulnerabilities looms large. And nobody in the cyber security community is downplaying the threat of more Heartbleeds or CCS Injections. In April, over a dozen tech giants like Google, Facebook, and Microsoft, each donated $100,000 to the foundation to scout out more vulnerabilities. Now there's two—and counting.

This piece has been changed to reflect the following correction: There's no proof yet that PGP could be exploited using this vulnerability.