HTTPS exploit ready to terrorise thousands of websites and mail servers

Diffie-Hellman downgrade weakness allows hackers in

Danger

Almost 100,000 HTTPS websites are under threat from a new vulnerability born out of attempts by the US in the early 1990s to break the encryption used by foreign entities.

First reported by Ars Technica, the 'Logjam' vulnerability affects 8.4% of the world's top one million websites in addition to a slightly higher percentage of the mail servers in the IPv4 address space, according to researchers.

"Logjam shows us once again why it's a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for," J. Alex Halderman, one of the scientists behind the research, told Ars Technica in an email. "That's exactly what the US did in the 1990s with crypto export restrictions, and today that backdoor is wide open, threatening the security of a large part of the web."

The exploit lets eavesdroppers view data passing over encrypted connections and then modify it to successfully perform man-in-the-middle attacks. It is born out of a flaw in the transport layer security (TLS) protocol that allows websites and mail servers to set up encrypted connections with end users, and the Diffie-Hellman key exchange is where the weakness lies.

Attackers are using Logjam to take advantage of a subset of servers supporting Diffie-Hellman, which allows two parties that have never met to set up a special key even if they are communicating over an unsecured connection.

To take advantage of vulnerable connections, attackers have to use the number sieve algorithm to precompute data. After doing that they can successfully perform man-in-the-middle attacks against the same vulnerable connection.

Keep your browser updated

Only Internet Explorer has been updated to protect against the exploit, although the researchers have been in touch with the developers of Chrome, Firefox and Safari to ensure that a fix will be implemented that rejects encrypted connections under a minimum of 1024 bits.

Researchers are advising server administrators to switch off support for the DHE_EXPORT ciphersuites that permit Diffie-Hellman connections to be downgraded and they have even provided a guide on how to do so securely. For end users, make sure your browser or email client is kept completely up-to-date with the very latest version.

Article continues below