The CRIME attack is a vulnerability in the compression of the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols and the SPDY protocol. The abbreviation stands for Compression Ratio Info-leak Made Easy.
This type of risk constitutes an attack against secret web cookies sent over connections through compressed HTTPS for SSL/TLS protocols or SPDY, Google’s HTTP-like protocol. The attack can leave cookie data vulnerable to session hijacking.
Here are the basics about the CRIME vulnerability and how you can prevent it from affecting your systems.
CRIME Vulnerability Security Assessment
CVSS Vector: AV:N/AC:H/AU:N/C:P/I:N/A:N
What Is the CRIME Vulnerability?
As noted, the CRIME attack can be executed against SSL/TLS protocols and the SPDY protocol to hijack a user’s session cookies while they’re still authenticated to a website.
This can be possible only if the protocols have enabled certain types of data compression methods. While compression can be quite handy in general, it poses the risk of unintentionally revealing clues about the content of the encryption. In particular, the TLS DEFLATE compression scheme was found to be problematic. Its compression algorithm eliminates duplicate strings.
The CRIME technique was categorized as CVE-2012-4929 by MITRE.
How Do CRIME Attacks Work?
To realize a CRIME attack, cybercriminals can abuse a weakness in the SSL/TLS protocol and the SPDY protocol’s compression mechanism to decrypt the HTTPS cookies set by a website. Then, this can force a user’s browser to forward HTTPS requests to a malicious website and to visit it, while executing the attack. Afterward, the attackers control the path for new requests.
Cybercriminals can gain information about the ciphertext size that the client browser sends. Then they can see how the compressed request payload — that has both the secret cookie sent by the browser and the injected malicious content — changes its size. When the compressed content diminishes in size, this means it’s likely that the injected content has matched some part of the secret content that they want to gain access to. By observing the change in length — the variation in the compression ratio, or its variable content — the value of the user’s session cookie can potentially be discovered.
Discovery of the Vulnerability
Adam Langley, a software engineer at Google, made the first hypothesis that such an attack can be executed. Then, the concept of the CRIME attack was officially demonstrated in 2012 by two security researchers, Juliano Rizzo and Thai Duong. They showed how it can impact a wide array of websites. The vulnerability was seen as a potential abuse technique by geopolitical criminals.
Rizzo and Duong presented a demo of the attack at the Ekoparty security conference in Buenos Aires, Argentina. Even before it, the security community had already theorized and found out many of the details around CRIME and its relation to compression technique issues.
CRIME Vulnerability Impact
The security experts identified as vulnerable TLS 1.0, applications that use TLS compression, Google’s SPDY protocol, older versions of Mozilla Firefox that support SPDY, and older versions of Google Chrome that support TLS and SPDY.
Back in 2012, about 42% of servers supported the optional feature of SSL compression, with numerous popular sites being potentially affected. Only 0.8% of servers supported the explicitly embedded SPDY. About 7% of browsers supported compression.
While the vulnerability has a low risk and low probability, its impact can be of medium strength. The reason for this is that encryption protocols are at the heart of the top security mechanisms in our digital world. They safeguard the flow of network traffic and without trusting them, we can’t have any guarantee for online safety.
As the major browsers, Chrome and Firefox were found to be vulnerable to the CRIME attack technique, Google and Mozilla created patches to address it by blocking the vulnerability. The patches were pushed through automatic updates, so only older versions remained potentially vulnerable.
The two security researchers demonstrated how the CRIME attack can be executed against websites like github.com, dropbox.com, and stripe.com through Chrome. The websites disabled the vulnerable compression in the meantime.
However, despite the timely measures of browsers and websites, the security experts Rizzo and Duong have warned that the CRIME exploit against HTTP compression has not been truly addressed. They believe that it can be more prevalent than the TLS and SPDY compression vulnerability.
How to Prevent SSL CRIME Vulnerabilities?
To prevent the CRIME attack, disable SSL compression.
When using the standard settings, CRIME is only a problem for Apache version 2.4.3.
To disable SSL compression, set the following directive in your SSL settings:
- usually /etc/apache2/mods-enabled/ssl.confor /etc/letsencrypt/options-ssl-apache.conf when using Let’s Encrypt
It’s also strongly recommended to upgrade Apache to the latest version.
Nginx is vulnerable to the CRIME attack in older versions that have SSL compression enabled.
To prevent the vulnerability, make sure to update to a recent version of Nginx and OpenSSL.
The following versions are known as secure to this attack:
- 1.0.9 (if OpenSSL 1.0.0+ used)
- 1.1.6 (if OpenSSL 1.0.0+ used)
How protected are your systems? You can use Crashtest Security’s holistic SSL/TLS scanner to check whether they’re susceptible to the CRIME attack and similar vulnerabilities.