BEAST: It's What's for Dinner
September 29, 2011 | POSTED BY BRETT EDGAR IN SECURITY, PRIVACY
For the past week, BEAST
has been the talk
of the InfoSec community
. BEAST stands for "Browser Exploit Against SSL/TLS" and is a new way to execute an attack against CBC mode encryption algorithms. The attack has been theorized for quite some time (2006 seems to be about the time it became known), but until BEAST, an attacker had no practical way to execute the attack, and even with BEAST, the attack against CBC is still difficult to execute.
To execute a BEAST attack you must be able to "man-in-the-middle" (MitM) the network connection between the user and the web server. Simplified, that means the attacker must be able to make network traffic between a target user's browser and the web servers that user is talking to flow through the attacker's computer.
The truth is, if you can MitM connections, you are going to have an easier time executing social engineering attacks (poisoning DNS queries, for instance) than executing the BEAST attack, although a savvy user may notice the social engineering. The other 90% of users are going to be blissfully unaware.
So why all the hubbub? The answer to that question is there is no easy way to fix this vulnerability. Google has added some functionality to its Chrome browser that should be make it much harder (to the point of improbable) to execute BEAST against a Chrome user, and Mozilla is also working on a fix for its browsers. You can bet Microsoft is working on it, too, but there is no simple fix. TLSv1.1 and later aren't vulnerable to this attack, but even though those protocols have been around for half a decade now, they are sparsely deployed. Of the major browser vendors, I believe Microsoft is the only one that even offers the option of enabling those protocols, and that's only as of Internet Explorer 9.0. Fat lot of good it does IE9 users though - almost no web server on the planet supports TLSv1.1 or higher. Why? Because almost none of the browsers support it. Chicken, meet egg.
If you're paranoid, consider not connecting to untrusted wireless networks. (If you're that paranoid, you probably don't connect to wireless networks anyway.) Those are the easiest types of network for an attacker to MitM your connection, though far from the only type that is at risk.
Personally, I'm not too worried about it (yet). By the time this attack becomes widespread (if ever), I expect the remaining browser vendors will have released updates to make it much harder to execute. Maybe this will finally spur the adoption of the newer TLS protocols, though, and give the PCI SSC something else to ban from the Internet...