Tired of managing certificates? Automate it with ZeroSSL   Learn about ZeroSSL Automation x

Leading Security Experts to Unveil New Attacks Against EV-SSL During CanSecWest Presentation

Two security researchers Mike Zusman, and Alexander Sotirov have discussed possible attacks involving EV SSL Certificates at the tenth annual CanSecWest conference. The following press release was published about this:

VANCOUVER, British Columbia, March 20 /PRNewswire/ -- Intrepidus Group, a leading provider of information security solutions, today announced that Intrepidus Group Senior Consultant, Mike Zusman, and independent security researcher, Alexander Sotirov will be presenting findings of their joint research on the security of Extended Validation (EV) certificates for SSL websites during the tenth annual CanSecWest conference, at the Sheraton Wall Centre hotel in downtown Vancouver, British Columbia. The joint research shows that EV certificates, while offering some additional website identity assurance, are just as vulnerable to man-in-the-middle attacks as the much cheaper domain-validated SSL certificates. The presentation will be at 5:50 p.m. on March 20, 2009.

Zusman and Sotirov began their work shortly after Sotirov and an international team of researchers disclosed in late 2008 that they had used a chosen-prefix MD5 collision attack to create a rogue signing certificate trusted by all major web browsers. At the time, the researchers, browser vendors and certificate authorities believed that websites secured with EV certificates are not affected by the MD5 collision attack. Sotirov and Zusman's new research shows that this is not the case.

"An attacker who has obtained a valid and trusted domain-validated SSL certificate can use that certificate to completely, and silently, undermine the security of a browser session protected with an EV SSL certificate," said Sotirov.

In a paper originally released in 2008, Stanford University PhD students Collin Jackson and Adam Barth described a flaw in the same-origin policy implemented by web browsers that allowed attackers to inject malicious scripts into websites secured with an EV SSL certificate. During their presentation, Sotirov and Zusman will show that this is just one of multiple design flaws in the EV security model as implemented in popular browsers such as Internet Explorer and Mozilla Firefox. These flaws can be exploited by any attacker who has fraudulently obtained a domain validated SSL certificate for a website to launch MITM attacks against the website, even if it is secured with an EV SSL certificate.

Users who access secure websites from potentially untrusted networks, such as Wi-Fi hotspots or hotel Internet connections are particularly at risk. During their presentation, the two researchers will also demonstrate an advanced attack against a popular EV SSL-protected payment website. Sotirov and Zusman call this new type of attack - "SSL Rebinding", and it allows them to intercept the login and password of payment processing users and perform arbitrary transactions with their account.

"It is also possible to launch attacks without the use of JavaScript, allowing an attacker to compromise EV SSL websites even when the user is running Firefox with the NoScript security extension," said Zusman, who has received media attention for finding flaws in the domain validation process of a number of commercial certificate authorities.

The researchers say that there is little users or websites can do to prevent these attacks and that making the required fixes to the browser security model would require collaboration between the major browser vendors. While the results of this research might be disconcerting, Sotirov is optimistic that a solution can be found.

"Despite being weakened by these new attacks, EV SSL certificates still have advantages over the domain validated ones," says Sotirov. "The crux of this issue is that we are still burdened with the threat of low-security, domain validated certificates falling into the wrong hands and EV does nothing to address that."

In addition to their presentation, the two researchers will also release a paper describing the techniques behind SSL Rebinding, other avenues of attack, as well as additional mitigation techniques.

Other Available References Sources:

Alexander Sotirov: http://www.phreedom.org/

Mike Zusman: http://schmoil.blogspot.com/

Paper by Collin Jackson and Adam Barth: http://crypto.stanford.edu/websec/origins/fgo.pdf

Info on EV certificates: http://en.wikipedia.org/wiki/Extended_Validation_Certificate

The organization behind EV certificates: http://www.cabforum.org/

About Intrepidus

Intrepidus Group is a leading provider of information security consulting services and software solutions. With offices in New York City and the Washington DC metro area, the company offers innovative solutions to help clients build employee awareness around common information security issues. Intrepidus Group's consultants also conduct hands-on assessments of critical applications, networks and products to uncover vulnerabilities, and provide strategic and tactical recommendations to address identified issues.

It is clear that very few details were provided so it is difficult to comment on the attacks until they are. However, the combination of Javascript injection vulnerabilities (XSS) and EV certificates has been previously discussed and some solutions have been proposed. On one side it is obvious that EV certificates don't provide complete website security and that their use should be combined with thorough XSS vulnerability testing. But there are also ways that browsers can, and should, minimize the damage.

Originally posted on Sun Mar 22, 2009


Bronwyn Johnson(2014-12-13)

Hello. One question: would both Certificates (IE: the EV Cert and the Domain Cert) have to be from the same CA in order for this attack to work? Or, can they have one Domain Cert and then attack any CA's EV Cert?

Advertisement • Hide