The Heartbleed Bug A vulnerability in the OpenSSL Cryptographic Library


Page 1

The Heartbleed Bug
A vulnerability in the OpenSSL Cryptographic Library

Page 2

Agenda

• General overview of the vulnerability

• Process

• Heartbleed history

• Affected sites

• Exploitation of a vulnerable version of an Apache Server

• In the news…

Page 3

Description of the vulnerability

• Vulnerable:
  • program source files: t1_lib.c and d1_both.c
  • functions: tls1_process_heartbeat() and dtls1_process_heartbeat()

• The actual breach: memcpy(bp, pl, payload)

bp – final destination of the data that needs to be copied;

pl – the location of the data that needs to be copied;

payload – the amount of data to copy;

There is no such thing as empty memory!
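As an added illustration (not code from the slides or from OpenSSL itself), a minimal C model of the length check the fix for CVE-2014-0160 placed in front of memcpy(bp, pl, payload): the payload length claimed by the peer is compared with the number of bytes actually received, and the heartbeat is discarded when it does not fit. The record layout, the 16-byte minimum padding and the two sample records are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL's code: a minimal model of the heartbeat record
 * check that the CVE-2014-0160 fix introduced in tls1_process_heartbeat().
 * Record layout per RFC 6520: type(1) | payload_length(2) | payload | padding. */

#define HB_REQUEST  1
#define HB_PADDING  16   /* minimum padding the fix insists on (assumption) */

/* Validate a received heartbeat record of rec_len bytes and copy its payload
 * into out. Returns the number of payload bytes copied, or -1 when the record
 * is malformed and must be discarded. */
int heartbeat_payload(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_len)
{
    if (rec_len < 1 + 2 + HB_PADDING)      /* too short for header + padding */
        return -1;
    if (rec[0] != HB_REQUEST)
        return -1;

    /* n2s(p, payload): big-endian 16-bit length claimed by the peer */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    const uint8_t *pl = rec + 3;

    /* The check the vulnerable code lacked: the claimed length must fit in
     * the bytes actually received. Without it, memcpy(bp, pl, payload)
     * reads up to 64 KiB beyond the real payload into adjacent heap memory. */
    if (1 + 2 + payload + HB_PADDING > rec_len)
        return -1;
    if (payload > out_len)
        return -1;

    memcpy(out, pl, payload);               /* the memcpy(bp, pl, payload) step */
    return (int)payload;
}

int main(void)
{
    uint8_t out[64];
    /* constructed records: a well-formed one carrying "hi", and one that
     * claims 65535 bytes of payload while sending only 21 bytes in total */
    uint8_t good[21] = {HB_REQUEST, 0x00, 0x02, 'h', 'i'};
    uint8_t bad[21]  = {HB_REQUEST, 0xff, 0xff, 'h', 'i'};
    printf("good record: %d\n", heartbeat_payload(good, sizeof good, out, sizeof out));
    printf("bad record:  %d\n", heartbeat_payload(bad, sizeof bad, out, sizeof out));
    return 0;
}
```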

Page 4

Process

• The attacker can grab 64K of memory per heartbeat

• Not limited to 1 grab!

Common Vulnerabilities and Exposures reference: CVE-2014-0160 is the official reference to this bug.

(Diagram: Exploit → Read memory → Extract sensitive information)

Page 5

History

• Dates back to 2011:
  • Robin Seggelmann, Ph.D. student at the University of Duisburg-Essen, implemented the Heartbeat Extension for OpenSSL
  • Introduced in the source code repository on December 31, 2011
  • Was adopted with the release of OpenSSL version 1.0.1 on March 14, 2012
  • Heartbeat support was enabled by default; the bug was discovered on 1st of April 2014

“The SSL/TLS encryption, by design and implementation, is meant to protect the information.”

Page 6

… some affected sites

Page 7

Target

Targeted machine:

• Linux Distribution for ARM Architecture on RaspberryPI

OpenSSL versions 1.0.1 through 1.0.1f are vulnerable

Page 8

Source

Attack source:

• Kali Linux Distribution for ARM Architecture on RaspberryPI

nmap -p 443 --script=ssl-heartbleed.nse 192.168.0.105

Page 9

Attack

Attack source:

To exploit this bug we used a custom mass auditing tool crafted by Rahul Sasi

Page 10

Attack

Attack result:

0002c0b0 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 |e: application/x|
0002c0c0 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 |-www-form-urlenc|
0002c0d0 6f 64 65 64 0d 0a 0d 0a 75 73 65 72 3d 45 72 69 |oded....user=Eri|
0002c0e0 6e 26 70 61 73 73 3d 70 61 73 73 77 6f 72 64 31 |n&pass=password1|
0002c0f0 4b 3a c2 1e 8c c3 dd 39 b1 e8 de 46 41 c7 98 76 |K:.....9...FA..v|

Page 11

Observations

Heartbeat messages can appear in different phases of the connection setup…

IDS/IPS rules to detect heartbeat traffic have been developed

This does not require a MITM attack

The only ways to protect are to upgrade to a fixed version of OpenSSL or to recompile OpenSSL with the handshake removed from the code.

Page 12

Am I vulnerable?

• Several services have been made available to test whether Heartbleed affects a given site:
  • Tenable Network Security wrote a plugin for NESSUS
  • Qualys added dedicated QIDs and developed SSLTest.com
  • Nmap security scanner includes a Heartbleed detection script from version 6.45
  • Sourcefire has released Snort rules to detect Heartbleed attack traffic and possible responses

However, many services have been claimed to be ineffective for detecting the bug.

Page 13

…in the news

The Canada Revenue Agency reported the theft of Social Insurance Numbers belonging to 900 taxpayers in 6 hours!

Bloomberg: NSA knew about this!

Bruce Schneier: “Catastrophic is the right word. On the scale of 1 to 10, this is an 11. Half a million sites are vulnerable, including my own.”

Page 14

OpenSSL Response

Theo de Raadt, founder and leader of the OpenBSD and OpenSSH projects:

“OpenSSL is not developed by a responsible team."

OpenSSL core developer Ben Laurie:

“OpenSSL is not reviewed by enough people”

Software engineer John Walsh:

"Think about it, OpenSSL only has two fulltime people to write, maintain, test, and review 500,000 lines of business critical code."

Page 15

OpenSSL Response

OpenSSL foundation’s president, Steve Marquess:

“The mystery is not that a few overworked volunteers missed this bug; the mystery is why it hasn't happened more often."

"The fact that the code change which caused the bug was done by an individual working at 23:00 on a New Year's Eve says a lot. The code simply wasn't reviewed enough and it went undetected for two years."

Page 16

Thank you! There is a higher chance of being a victim of online crime than of real-life crime!