Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact Haber Group today at 866.625.3560.

Tip of the Week: Do You Know What Your Android Per...
Here’s Our Rundown on Blockchain Technology
 

Comments

Already Registered? Login Here
No comments made yet. Be the first to submit a comment

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Cloud Email Hackers Privacy Malware Business Internet Microsoft Computer Business Computing Software Hosted Solutions Google Mobile Devices Ransomware Backup Network Security Windows 10 Smartphone User Tips Small Business Android IT Services Hardware Data Management Managed IT Services Tech Term Gmail Productivity Data Browser Facebook IT Support Windows Business Continuity Cloud Computing Server Internet of Things Saving Money App Encryption Remote Monitoring Office 365 Microsoft Office Smartphones Disaster Recovery Cybersecurity Upgrade Artificial Intelligence Managed Service Provider Phishing Business Management Data Recovery Efficiency Word Infrastructure Employer-Employee Relationship Office Tips Innovation Managed IT Services Chrome Communication Outsourced IT Productivity Content Filtering Windows 10 Big Data Tip of the week Data Backup IT Support Spam Social Media Government Workplace Tips Money Applications Firewall Settings Passwords Two-factor Authentication IT Management WiFi Avoiding Downtime Bandwidth YouTube The Internet of Things Apple Miscellaneous communications Analytics Data storage Vulnerability Risk Management Antivirus Wireless Website VoIP Robot Customer Service Hacking End of Support BYOD Server Management Safety Computing Network Hacker Google Drive Password Mobile Security Mouse Vendor Management Telephone Systems Presentation Hosted Solution Save Money Mobile Device LiFi Maintenance Virtual Reality Office Storage Wireless Technology Scam Recovery Tablet Paperless Office Search SaaS IBM Outlook Administration Unified Threat Management VPN Monitors Holiday Customer Relationship Management Wi-Fi Data Security HIPAA Apps Data loss Business Technology Printing Virtual Private Network Augmented Reality Automation SharePoint Collaboration Cables Managed IT 5G Cryptocurrency Title II Connectivity Public Speaking Techology Budget Continuity Google Maps Bring Your Own Device Halloween sip Managed IT Service Modem Competition Digital Lenovo Cortana How To Licensing Touchscreen Specifications Compliance Charging Mail Merge Fun Value Tech Support Document Management Smart Office Downloads IT Technicians File Sharing Wires Disaster Shortcut Bitcoin Downtime Network Congestion Online IoT Computer Care Unified Threat Management Solar Statistics Best Practice Scary Stories telephony Break Fix Cookies Samsung Spyware Superfish Information Technology Cooperation IP Address Cybercrime Google Docs Black Friday Regulations Undo Address Writing Hotspot Professional Services Websites Identity Theft Work Multi-Factor Security Mirgation Voice over Internet Protocol Marketing Uninterrupted Power Supply Patch Management Windows 8 Computers Microsoft Excel Star Wars Training Quick Tips User Error Automobile Business Intelligence Gadgets Application Bluetooth Business Growth Sports Dark Web Nanotechnology Knowledge Google Wallet Staff Mobile Office Cyber Monday Social Networking Virtualization Corporate Profile Current Events Education Retail Language USB Optimization Google Calendar Chatbots FinTech Solid State Drive Display Blockchain Cost Management VoIP Legal Company Culture Users Alt Codes Dark Data Net Neutrality Screen Reader How To Networking Experience Drones Unified Communications Printer Wearable Technology Recycling IT service Heating/Cooling Mobile Device Management Running Cable Smart Technology Motherboard Remote Computing WannaCry Going Green Social Engineering Computing Infrastructure Dongle Legislation Identity MSP Hard Drives Hard Disk Drive Social Virtual Desktop Permissions Assessment Time Management Managing Stress Cabling Typing Buisness FCC Smart Tech Firefox Access Control eWaste BDR Servers Lithium-ion battery Deep Learning Laptop Humor Distributed Denial of Service Router IT solutions Alerts Service Level Agreement Digital Payment Operating System Comparison Chromebook Development Refrigeration Hacks Fraud Internet Exlporer Politics User Network Management Health Cleaning Mobile Data Alert CCTV Private Cloud Emoji Webcam Electronic Medical Records Work/Life Balance Error Black Market Point of Sale Mobile Computing Travel Law Enforcement Physical Security Notifications G Suite CrashOverride Upgrades Twitter Botnet Supercomputer Motion Sickness Gadget Staffing Personal Information Administrator Crowdsourcing Taxes 3D Printing Web Server Emergency Machine Learning IT Budget Update GPS Computer Repair IT Consultant Domains Unsupported Software Processors Cameras Relocation Meetings Tracking