Another new SSL (Secure Sockets Layer) vulnerability has come to light in the last few hours and your home computers and office workstations could be at risk. If you are familiar with the Heartbleed and FREAK attacks from the last few months, then you would know that such kind of vulnerabilities cannot be taken lightly.
This new vulnerability is called “Logjam” and it affects simple protocols that the Internet is based on. Basically, whenever two sites need to exchange confidential information they also exchange a set of cryptographic keys in a secure manner. These keys help them decode the information that they receive. This exchange is carried out by the “Diffie-Hellman key exchange (D-H)” method. What the Logjam attack does is intercept this algorithm and prevents sites from sharing these keys with each other.
An attacker can instigate a Man-in-the-Middle (MITM) attack to downgrade a TLS connection to an inferior version and then steal sensitive information. This methodology bears several similarities to the recent FREAK attack as well.
How was the Logjam vulnerability discovered?
This vulnerability was discovered by a group of security researchers from Johns Hopkins University, University of Michigan, University of Pennsylvania, Microsoft Research, CNRS, Inria Nancy-Grand Est, and Inria Paris-Rocquencourt.
They have published more details and a technical report about the Logjam vulnerability which can be viewed over here. You can also check if your browser is vulnerable by visiting this link.
Who is vulnerable to the Logjam vulnerability?
Pretty much anyone who uses the Internet is potentially at risk here. This includes websites, mail servers and other TLS (Transport Layer Security) dependent services. The report further states that about 8.4% of the top 1 million domains are vulnerable – a number that roughly translates to around 84,000 domains. This security vulnerability can be especially dangerous for services that require personal user credentials and facilitate the transfer of sensitive information.
What this also means is that business enterprises who conduct operations online are also at risk. Data that is transferred through their various channels can theoretically be intercepted and stolen. As a result, enterprises need to take immediate steps to prevent this threat.
In their report, the researchers also speculate that “a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.” However, whether the NSA has actually used Logjam to intercept data merely remains speculation as of now.
What can be done to prevent such attacks?
The best solution to the Logjam vulnerability right now is to update all your browsers and programs immediately. All browser providers such as Google, Mozilla, Microsoft, Apple and others are working on fixing this vulnerability. So you regularly need to check for browser updates for your home or business machines. Moreover, if you are running a mail or web server, you need to disable support for export cipher suites and also generate a unique 2048-bit Diffie-Hellman group.
We here at Quick Heal are also investigating the Logjam vulnerability further and will be posting timely updates for the next few days.