Google reveals POODLE loophole in SSL 3.0, a hacker’s paradise

15 Oct 2014

Google has published details of a vulnerability in the design of SSL version 3.0 that allows hackers to calculate the plaintext of secure connections and so easily attack online bank accounts and email services.

The vulnerability means hackers can grab victims’ session cookies and hack into services such as webmail and other online accounts over HTTPS.

Google revealed the flaw yesterday and called it POODLE (Padding Oracle on Downgraded Legacy Encryption).

SSL is a technology that allows you to secure communications, such as accessing online banking or sending emails.

However, the vulnerability means hackers can sniff other computers’ security settings via Wi-Fi connections and attack at will.

SSL 3.0 is nearly 15 years old

Google Security head Bodo Möller warned, however, that the technology is long past its sell-by date.

“SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

“Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today,” he said.

Google’s recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.”
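As an added illustration that is not part of the original article or Google's own code, the following Python shows the server-side check behind TLS_FALLBACK_SCSV: a client that retries at a lower protocol version adds the signalling value 0x5600 to its cipher suite list, and a server that supports a newer version answers with a fatal inappropriate_fallback alert instead of continuing. The value 0x5600 and alert code 86 are from RFC 7507; the TLS 1.2 server maximum, the function names and the sample ClientHello messages are assumptions constructed for the example.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value {0x56, 0x00} (RFC 7507)
INAPPROPRIATE_FALLBACK = 86         # fatal alert description (RFC 7507)
SERVER_MAX_VERSION = (3, 3)         # assumption: this server's highest version is TLS 1.2


def parse_client_hello(record: bytes):
    """Return (client_version, cipher_suites) from one unfragmented TLS record with a ClientHello."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a handshake record with a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    version = (hello[0], hello[1])
    pos = 34                         # skip client_version (2) and random (32)
    pos += 1 + hello[pos]            # skip session_id
    if pos + 2 > hs_len:
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]


def fallback_decision(record: bytes, server_max=SERVER_MAX_VERSION):
    """Refuse a hello that is marked as a fallback retry but is below the server's best version."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    # Assumption: the server still accepts every version up to server_max.
    return ("continue", min(version, server_max))


def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello with no extensions."""
    raw = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = bytes(version) + bytes(32) + b"\x00" + struct.pack("!H", len(raw)) + raw + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for ver, suites in [((3, 3), [0x002F]), ((3, 0), [0x002F, 0x5600]), ((3, 0), [0x002F])]:
        print(ver, [hex(s) for s in suites], fallback_decision(build_client_hello(ver, suites)))
```

The third sample, an SSL 3.0 hello without the signalling value, is still accepted, which is why the check complements disabling SSL 3.0 and does not replace it.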

Möller said that in the coming months Google hopes to remove support for SSL 3.0 completely from its products.

“An attacker can run JavaScript in any origin in a browser and cause the browser to make requests (with cookies) to any other origin. If the attacker does this block duplication trick they have a 1-in-256 chance that the receiver won’t reject the record and close the connection,” explained security blog Imperial Violet.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
