Security Researchers Exploit Vulnerability in Handling of EV SSL Certificates

Two researchers will demonstrate a man-in-the-middle attack at the Black Hat security conference this month that allows them to silently sniff traffic on EV SSL protected Websites. The vulnerability in the way browsers treat EV SSL certificates makes them no more valuable than the cheapest SSL certificate, the researchers say.

Two researchers have discovered a design flaw in Web browsers that can be exploited to launch man-in-the-middle attacks on extended validation SSL certificates.

Mike Zusman, principal consultant at Intrepidus Group, and independent security researcher Alex Sotirov plan to reveal the details of their findings at the Black Hat security conference coming up in Las Vegas later this month. In an interview with eWEEK, Zusman said that through a technique the duo calls "SSL rebinding," attackers can exploit the behavior of the browser to effectively render an extended validation SSL (EV SSL) certificate meaningless.

EV SSL certificates are meant to offer additional authentication for Websites and provide protection against phishing attacks. Before an organization can receive one, they must meet certain criteria as part of a vetting process. Sites that are given the certificate display a green icon in the address bar.

But for all the emphasis EV SSL puts on authentication, the browser does not treat the certificate very differently than a domain validated SSL (DV SSL) certificate - a fact that can be exploited by attackers, Zusman explained.

With SSL rebinding, the researchers silently switch the browser from talking to the EV SSL certificate to talking to a domain validated SSL certificate held by the attacker. The duo will also demonstrate an extended validation cache poisoning attack where cached content of an EV SSL- protected Website can be poisoned without the victim consciously browsing the site.

"Imagine you have a user who is on a public Wi-Fi access point at a caf??«, and he's logging into his bank account and his bank uses EV SSL," Zusman said. "So he logs in, he sees that green glow and he assumes that because he sees that green glow he's secure [and] everything is fine. But just next to him is an attacker who's either compromised that wireless network or has set up a rogue access point to trick the victim into connecting to it and now he serves as a man in the middle."

"What we devised is a way to intercept this secure communication in such a way that we can see the data coming out of his browser, but all the while the user is still aware that the green glow of EV SSL is still there," he continued. "So what this entails is that the attacker set himself up as the man in the middle...then using this technique we call SSL rebinding, he's able to essentially trick the browser into thinking that that extended validation, green glow should be shown for the whole session."

Zusman and Sotirov tested the attacks against recent versions of Internet Explorer and Firefox, but contend the flaw is not specific to any of the major browsers. Unfortunately, there isn't much the browser vendors can do to solve the problem. The easiest fix would be to not trust DV SSL certificates, but that would cause many Websites to break. Also, it is unrealistic to expect everyone to upgrade to EV SSL certificates due to cost, Zusman said.

"A more practical solution would be something along the lines of same origin policy, where the Web browser can have an internal flag that says, -OK, I'm talking to this Web server and it's using an EV SSL certificate, [so] I should only talk over EV SSL . If I am presented with a domain validated certificate I should terminate that connection.' I think that makes a lot of sense. If you're a Website administrator you make a decision to use a high assurance EV SSL certificate, well why would you want to mix and match EV and DV SSL ?"

The researchers are scheduled to present their findings at the conference July 30.