Software Testing Blog

When your app gets hacked because of a bug in your code, that’s pretty bad.  But when your app gets hacked because of a bug in an underlying protocol that’s a building block of the Internet, then you’re looking at a really serious problem.

Such is the case with Twitter, which last week was shown to be vulnerable to a bug in the SSL standard.  SSL is the protocol that encrypts data going back and forth on the web, keeping our credit card numbers, usernames, passwords, and everything else safe and secure.  The trouble is, it’s broken and has been since the mid-1990s.

Right now, the IETF (the standards setting body for the Internet and the closest thing to an Internet Illuminati) has started drafting an update for SSL, but such things take time.  In the mean time, sites like Twitter are suffering the consequences.

The SSL bug can be exploited using a sophisticated man in the middle attack where an attacker stations themselves between two users on the Internet and injects data into what is supposed to be an encrypted data stream.  Note that with this bug an attacker can’t read the data stream, just put additional content inside of it.  However, in the case of Twitter, this limitation didn’t matter.  The attacker used the vulnerability to insert commands for the Twitter API that instructed it to tweet a user’s password – all without the knowledge of the original user.  Here’s an example:

In a normal case, Alice uses a Twitter app to post a Tweet.  The Twitter app uses the Twitter API to send the Tweet and dutifully encrypts all of the traffic using SSL.  Now here’s how the exploit would work:

Mallory, an evil hacker, manages to insert herself into the middle of the connection between Alice and Twitter.  Using SSL renegotiation (which is the particular feature of SSL that’s broken), Mallory is able insert an extra command in the encrypted data stream between Alice and Twitter that causes Twitter to post Alice’s password as well as her Tweet.

Twitter says they have put a fix in place which probably means they just disabled SSL renegotiation.  While not optimal, it takes care of the issue until the IETF can update the standard and new implementations can be included in all of the SSL libraries in different operating systems.

If you manage a piece of software that works this same way as Twitter, you would be very wise to take Twitter’s lead and either disable certain pieces of your API or disable SSL renegotiation all together.