Why ROBOT is a Risk After Nearly 20 Years

Why ROBOT is a Risk After Nearly 20 Years

The Internet is rife with potential threats. Some are situational, but most are deliberate actions made by malicious entities who are trying to obtain any semblance of value from you or your company. Some of these exploits have been around longer than you’d imagine possible. This has been made evident by huge Internet-based companies such as PayPal and Facebook testing positive for a 19-year-old vulnerability that once allowed hackers to decrypt encrypted data.

Back in 1998, researcher Daniel Bleichenbacher found what is being called the ROBOT exploit in the secure sockets layer (SSL) encryptions that protect web-based platforms. There is a flaw in an algorithm that is responsible for the RSA encryption key--through specially constructed queries its error messages divulge enough information that after a short time they were able to decrypt ciphertext without the dedicated key for that encryption. In response, SSL architects created workarounds to limit error messages rather than eliminating the faulty RSA algorithm.

Referred to as an “Oracle” by researchers, the crypto-vulnerability provides only decisive yes and no answers, which allows people that form their queries a certain way to eventually retrieve detailed information about the contents of encrypted data. This is called an “adaptive chosen-ciphertext attack”.

Recently, researchers have found that over a quarter of the 200 most-visited websites essentially have this vulnerability, and about 2.8 percent of the top million. Facebook, the most visited website in the world for 2017, is one; while the money transfer platform PayPal is another. The explanation researchers gave was that with so much time focusing on the newest and baddest malware and exploits, this tried and true vulnerability has just been neglected. In a blog post they said as much:

“The surprising fact is that our research was very straightforward. We used minor variations of the original attack and were successful. This issue was hiding in plain sight. This means neither the vendors of the affected products nor security researchers have investigated this before, although it's a very classic and well-known attack.”

The vulnerability, now called ROBOT, an acronym for “Return of Bleichenbacher's Oracle Threat” was tested, with the findings being sent to the vulnerable sites to ensure they could get a patch created before the researchers went public with it.

Understanding the threats that are being used against businesses can go a long way toward helping you keep yours secure. For more information about the ROBOT vulnerability or what we can do to keep your company’s network secure, contact BNMC today at 978-482-2020.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, September 23 2018

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Privacy Email Malware Hackers Business Computing Network Security Microsoft Software Internet Computer Hosted Solutions Google Tech Term Mobile Devices IT Services Ransomware Business Managed IT Services Android Backup User Tips Smartphone Small Business Internet of Things Innovation Efficiency Saving Money Cloud Computing Business Continuity Hardware Data Management Data Recovery Windows IT Support Browser App Data Backup Productivity Cybersecurity Windows 10 Communication Data Artificial Intelligence Gmail Facebook Managed IT Services Server Business Management Remote Monitoring Encryption Passwords Chrome Applications Infrastructure Managed Service Provider Windows 10 Phishing Network Microsoft Office Tip of the week Money IT Support Word Outsourced IT Vulnerability Employer-Employee Relationship Disaster Recovery Analytics Smartphones communications Productivity Office 365 Settings Government Data storage BYOD Maintenance YouTube Antivirus Risk Management Social Media Website Robot Office Tips Google Drive Save Money Content Filtering Bandwidth Upgrade IT Management Big Data SaaS Data loss Unified Threat Management Telephone Systems desktop Business Intelligence Holiday Workplace Tips Two-factor Authentication Alert Firewall Spam Computing Company Culture Outlook Avoiding Downtime WiFi Scam LiFi Vendor Management Hosted Solution Monitors Wireless Managing Stress Administration Information Mouse VPN Automation Laptop Mobile Device Miscellaneous Paperless Office End of Support The Internet of Things Data Security Server Management Virtual Reality HIPAA Apple Business Technology VoIP Virtual Private Network Storage Touchscreen Mobile Security Password Statistics Monitoring Tablet Work Legal How To Lenovo Marketing Smart Tech Wi-Fi Cooperation Service Level Agreement Unified Communications Drones Mail Merge Blockchain Writing Gadgets Router Voice over Internet Protocol Windows 8 Downloads Hotspot Internet Exlporer Shortcut Troubleshooting Distributed Denial of Service Computers Digital Payment Compliance Hacker VoIP Unified Threat Management Bluetooth Spying Comparison Dark Data IT Technicians Digital Optimization Deep Learning Firefox Superfish Disaster Connectivity Analysis Staff Leominster Address Permissions Retail Users Halloween Collaboration Modem FinTech Politics Language Value Patch Management Managed IT Service Display Regulations Alt Codes User Error IoT Employee-Employer Relationship Specifications Customer Service Document Management Mirgation Spyware Recycling Bring Your Own Device Operating System Customer Relationship Management Uninterrupted Power Supply Heating/Cooling Managed Service Multi-Factor Security Computer Care Augmented Reality IBM K-12 Schools Budget Office Samsung Scary Stories File Sharing Cookies MSP Social Tech Support Computing Infrastructure Solid State Drive Professional Services Information Technology Break Fix Running Cable Social Networking Typing Humor Time Management Printer Star Wars Current Events Search PowerPoint Black Friday Chromebook Identity Theft Chatbots eWaste Best Practice Networking Buisness Servers Google Calendar Virtual Desktop Training Wearable Technology Corporate Profile Network upgrade Emergency Social Engineering Sports Nanotechnology Development Websites Alerts Hard Disk Drive USB Apps Dark Web Automobile Motherboard Cables Cryptocurrency Network Management Access Control Fraud Dell Cost Management IT solutions Going Green Onboarding Cyber Monday Identity Continuity Google Docs Slack Legislation WannaCry Smart Office Safety Cabling Screen Reader Charging Education Hacks Licensing Dongle Google Wallet Microsoft Excel Remote Computing Google Maps Wires Bitcoin SharePoint Assessment Printing Managed IT Digital Signage Smart Technology Network Congestion Cybercrime Solar Business Growth Quick Tips Techology Downtime GPS Regulation Machine Learning IT Consultant Processors Cameras Virtualization Unsupported Software Mobile Device Management Update Tracking Meetings Computer Repair Relocation Cleaning Mobile Data CCTV Printers Mobile Computing Recovery How To Work/Life Balance Webcam Health Private Cloud Black Market Error Point of Sale Ben McDonald shares Law Enforcement Electronic Medical Records Notifications Travel Physical Security G Suite Twitter Emoji Supercomputer CrashOverride Upgrades Gadget Staffing Crowdsourcing Motion Sickness Personal Information Botnet Taxes Administrator BDR Web Server what was your? Cortana IT Budget 3D Printing

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3