Major Websites Found Vulnerable to ROBOT Attack

data encryption icon on virtual screen

A “ROBOT attack” has been discovered, which could potentially give hackers access to encrypted data. Major websites like Facebook are vulnerable.

There’s no denying that the digital world has grown massively over the past two decades.

That’s why security experts were shocked when they found that a 19-year-old vulnerability has come back to haunt the latest websites and services of some of the most renowned brands.

The vulnerability, which was known as the Bleichenbacher’s Oracle attack, has been recently discovered once again in the RSA implementation of major websites like Citrix, Cisco and F5.

For the time being, the experts have dubbed it the ROBOT, which abbreviates into “Return of Bleichenbacher’s Oracle Threat” that can provide hackers complete access over the affected TLS servers.

Using the issue found in RSA implementation, they can choose to carry out cryptographic operations and decryption through the servers deployed by these websites.

The re-labeling to the ROBOT attack is justified, security experts stated, because they have also confirmed that when directly compared with the previous vulnerability, it is the same Oracle issue but some minor changes have now been made to the programming so as to make it more efficient against the new age servers.

Origin of ROBOT Attack

Back in 1998, Daniel Bleichenbacher was the famous security researcher who managed to uncover the Bleichenbacher attack.

He found that it was due to the use of a secure sockets layer, which was the predecessor to the TLS technology used in servers today.

The algorithm created by the programmers back then provided access to hackers so they could send queries to get sensitive information without the knowledge of the company affected.

The attackers can also choose to exploit the weakness to decrypt any ciphered text, which completely disproves the concept of encrypting private data for security.

They were able to pull it off without access to the secret decryption key.

A major flaw that happened in 1998 is that security experts didn’t rewrite the algorithm but rather reduced the error messages, and it is an issue that exists in Oracle even today.

network cables connected

Websites can be vulnerable to cyber attacks using different products developed by different developers.

Sites like Facebook and PayPal Vulnerable to ROBOT Attack

A team of researchers decided to take the time to explore the 100 major websites of the world and were shocked to find that even the likes of Facebook and PayPal were vulnerable to this flaw.

They published their findings on a dedicated website that outlines the technical aspects of the vulnerability and offers information on which sites are affected.

Out of the top one million websites of the world, 2.8 percent were confirmed to have this Oracle-based issue.

This proved that even though they were using HTTPS encrypted protocol, attackers could still gain access to sensitive information without much difficulty.

ROBOT was shown to be existing on Facebook when the researchers digitally signed a message with the help of the TLS server used by the social media giant.

The programmers have accidentally picked original codes from the past which already had the issue embedded in it for their encryption work.

After being notified of the vulnerability, Facebook recently released different patches to fix the issue but it still prevails on many major websites. And some of them are yet to be identified.

Some websites can be vulnerable to cyber attacks because they use products from different developers.

Even if one of them added the TLS codes and encryption using old algorithm methods, they’re bound to have already added ROBOT into the websites or any kind of programming service that they may have offered.

Cisco Product Line Affected

One of Cisco’s products, a software program called ACE, had been affected by the ROBOT attack.

The product has already been long discontinued by the company, and they no longer provide software upgrades for the lineup of products.

But Cisco is also found to be using ACE in order to serve content on their official website and if they choose to disable the RSA encryption on their product, it will leave a large group of users who are unable to patch it on their own vulnerable to attacks.

The security issues, with regards to the newly identified vulnerability, are pretty high.

RSA encryption is quite unstable at the moment if the detailed report by the researchers should be taken into account, and an immediate solution is required for the majority of the websites affected—especially those that rely on encryption and have lots of private information on their sites which, if exposed, could lead to chaos.

This is true especially for sites like Facebook and PayPal.

Oracle is already on the task, along with many other security experts.

And they plan to work together to find a solution which would help them in the long run so as to eradicate the ROBOT attack permanently.

Leave a Reply