SSL exploit turns Firefox into malware distributor
Security researcher Moxie Marlinspike gave one of the more interesting and terrifying presentations at BlackHat 2009 in Las Vegas yesterday. Marlinspike demonstrated how the X.509 digital certificates used by Secure Socket Layer (SSL) to secure online communications such as eCommerce and online banking were completely broken. This allowed Marlinspike to pose as the Mozilla update server for users on the same local area network, such as a hotspot, which lets him distribute malware in the guise of a Mozilla Firefox update.
By taking advantage of a flaw in client-side certificate verification, which treats a NULL character as a string terminator, Marlinspike is able to create what appears to be a completely legitimate X.509 digital certificate of the kind used in the vast majority of SSL implementations. He is able to submit a certificate signing request to a Certificate Authority (which he declined to name) with a name like www.Mozilla.org(NULL-CHAR)www.HisOwnDomain.com. The Certificate Authority happily signs the certificate request because Moxie is the legitimate owner of his own domain, but the SSL clients, i.e., the computers that consumers operate, only look at everything up to the null character. That means the client only sees www.Mozilla.org, or even www.BankOfAmerica.com if Marlinspike wanted to create a certificate for an online bank. This technique allows anyone to create any kind of digital certificate with any name they want, which means that SSL is completely broken for now.
Dan Kaminsky, another famous security researcher, independently came up with the same null character exploit along with several other weaknesses in X.509 digital certificates. I managed to get some video of the briefing he gave to the press after his presentation to a large crowd at BlackHat 2009.
This is truly one of the most serious implementation flaws in SSL we have seen, and it needs to be addressed as quickly as possible. The fundamental problem lies in the client-side behavior which treats null characters as end of string, so every vulnerable SSL implementation, with the exception of OpenSSL, needs to patch this flaw as quickly as possible. In the meantime, there is no legitimate reason for Certificate Authorities to sign certificate requests that contain null characters in the common name or subject line, and they should filter out and reject all such requests. Mozilla is also looking to fix this problem in the next release of Firefox so that it won't be susceptible to fake update servers. Internet Explorer is not susceptible to this because Microsoft operates its own root certificate authority for update services. In the meantime, it may be wise to avoid using Firefox on public wired and especially wireless hotspot networks.
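The null-character defect described above, and the two fixes the post calls for (a length-aware client check and a CA-side filter), as an added example that is not code from the original post or from any of the products it names; the certificate names are constructed placeholders:

```python
# Added example (not from the original article): how a NUL byte inside a
# certificate Common Name defeats a C-style hostname check, and how a
# length-aware client check plus a CA-side filter close the gap.

def cn_as_c_string(cn: bytes) -> bytes:
    """Mimic a client that hands the CN to a C string routine: the first
    NUL byte terminates the string, so everything after it is ignored."""
    nul = cn.find(b"\x00")
    return cn if nul == -1 else cn[:nul]

def vulnerable_hostname_match(cn: bytes, expected_host: bytes) -> bool:
    """Vulnerable client: compares only the NUL-terminated prefix of the CN."""
    return cn_as_c_string(cn).lower() == expected_host.lower()

def hardened_hostname_match(cn: bytes, expected_host: bytes) -> bool:
    """Hardened client: reject any CN containing NUL, then compare the
    full, length-delimited value."""
    if b"\x00" in cn:
        return False
    return cn.lower() == expected_host.lower()

def ca_should_reject_csr(cn: bytes) -> bool:
    """CA-side filter: a legitimate CSR never needs a NUL in the CN."""
    return len(cn) == 0 or b"\x00" in cn

# Constructed CN in the shape the article describes: the impersonated host,
# a NUL byte, then a domain the requester actually controls (placeholder).
CRAFTED_CN = b"www.mozilla.org\x00www.example.net"
LEGIT_CN = b"www.example.net"

if __name__ == "__main__":
    print("vulnerable client accepts crafted CN:",
          vulnerable_hostname_match(CRAFTED_CN, b"www.mozilla.org"))
    print("hardened client accepts crafted CN:",
          hardened_hostname_match(CRAFTED_CN, b"www.mozilla.org"))
    print("CA rejects crafted CSR:", ca_should_reject_csr(CRAFTED_CN))
```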
From what I understand the idea is that somebody can send malware files using the Firefox update server (correct me if I'm wrong).
I looked into this and I found some info from sites that have malware issues as their subject (e.g. malwarecity.com), and the idea is that for my antivirus, BitDefender, it says that it doesn't protect the user from software vulnerabilities, but it keeps you safe by catching the malware file that the Firefox server is sending by update.
I'm safe and I'll wait for the Firefox guys to resolve the issue.
Jonny, the vulnerability allows attackers to pose AS the Firefox update server. So as soon as you connect to a rogue wireless network, or a valid wired network that has been hijacked through an ARP spoof, you get owned as soon as you launch Firefox.
Mozilla has released a patch for Firefox so you should upgrade immediately if you run Firefox.