How to Hack HTTPS and RC4

How to Hack RC4 in HTTPS

As you might already know, the lock icon in the address bar means that you are communicating over HTTPS. HTTPS can use several encryption methods, including the RC4 stream cipher. The RC4 NOMORE team has revealed an attack that exploits weaknesses in the RC4 encryption algorithm, revealing "safely" transmitted information and thus allowing HTTPS to be hacked.

This HTTPS hack allows attackers to decrypt web cookies that are thought to be protected by the HTTPS layer. Cookies help websites identify users, and if an attacker obtains a cookie, he or she may be able to steal the victim's identity and perform actions under the victim's name.

According to the latest research, an attacker can decrypt a cookie within 75 hours. In contrast to previous attacks, this short execution time makes the attack practical. When the RC4 NOMORE team tested the attack against real devices, it took merely 52 hours to succeed. The attack consists of three steps:

1. The attacker injects specially crafted code to generate requests.

2. The attacker captures the encrypted requests.

3. The attacker computes likely cookies and tries each one.

When the victim opens an unencrypted website, the attacker inserts malicious JavaScript code into it. This code induces the victim's browser to transmit encrypted requests which contain the victim's web cookie. By monitoring many of these encrypted requests, a list of likely cookie values can be recovered. All cookies in this list are tested until the correct one is found.

To decrypt a 16-character cookie with a success probability of 94%, roughly 9·2^27 encryptions of the cookie need to be captured. Since the attacker makes the client transmit more than 4450 requests per second, this amount is easily collected in under 75 hours. The RC4 NOMORE team has also released a video in which they hacked HTTPS in under 52 hours by capturing 6.2·2^27 requests.

During the final step of the attack, the captured requests are transformed into a list of 2^23 likely cookie values. All cookies in this list can be tested in less than 7 minutes.

According to RC4 NOMORE, this kind of attack is not limited to decrypting cookies: any data that is repeatedly encrypted can be recovered.
