HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows

Presented at Black Hat USA 2016, Aug. 3, 2016, 1:50 p.m. (50 minutes).

Over the last few years, a worryingly number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defenders perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set of techniques that allows us to carry out attacks against SSL/TLS purely in the browser. More generally, and surprisingly, with HEIST it becomes possible to exploit certain flaws in network protocols without having to sniff actual traffic. HEIST abuses weaknesses and subtleties in the browser, and the underlying HTTP, SSL/TLS, and TCP layers. Most importantly, we discover a side-channel attack that leaks the exact size of any cross-origin response. This side-channel abuses the way responses are sent at the TCP level. Combined with the fact that SSL/TLS lacks length-hiding capabilities, HEIST can directly infer the length of the plaintext message. Concretely, this means that compression-based attacks such as CRIME and BREACH can now be performed purely in the browser, by any malicious website or script, without requiring network access. Moreover, we also show that our length-exposing attacks can be used to obtain sensitive information from unwitting victims by abusing services on popular websites. Finally, we explore the reach and feasibility of exploiting HEIST. We show that attacks can be performed on virtually every web service, even when HTTP/2 is used. In fact, HTTP/2 allows for more damaging attack techniques, further increasing the impact of HEIST. In short, HEIST is a set of novel attack techniques that brings network-level attacks to the browser, posing an imminent threat to our online security and privacy.


Presenters:

  • Tom Van Goethem - KU Leuven
    Tom Van Goethem is a PhD researcher at the University of Leuven with a keen interest in web security and online privacy. In his research, Tom performs large-scale security experiments, both to analyse the presence of good and bad security practices on the web, as well as to demystify security claims. More recently, Tom started exploring side-channel attacks in the context of the web, resulting in the discovery of browser-based timing attacks. In an attempt to make the web a safer place, Tom on occasion rummages the web in search for vulnerabilities.
  • Mathy Vanhoef - KU Leuven
    Mathy Vanhoef is a PhD researcher at KU Leuven, where he performs research on streamciphers, and discovered a new attack on RC4 that made it possible to exploit RC4 as used in TLS in practice (the RC4 NOMORE attack). He also focuses on wireless security, where he turns commodity Wi-Fi cards into state-of-the-art jammers, defeats MAC address randomization, and breaks protocols like WPA-TKIP. He also did research on information flow security to assure cookies don't fall in the hands of malicious individuals. Apart from research, he knows a thing or two about low-level security, reverse engineering, and binary exploitation. He regularly participates in CTFs with KU Leuven's HacknamStyle CTF team.

Links:

Similar Presentations: