October 20, 2014 By Jaikumar Vijayan 2 min read

The innocuously named POODLE attack disclosed by a trio of security researchers at Google this week demonstrates how vendor efforts to maintain backward compatibility with old technologies can sometimes backfire in a big way.

POODLE, short for Padding Oracle on Downgraded Legacy Encryption, is an attack that takes advantage of a design weakness in SSLv3, an obsolete piece of encryption software that is still widely used by Web servers around the world.

Attack of the POODLE

Google’s Bodo Möller, Thai Duong and Krzysztof Kotowicz developed the attack to show how attackers could take advantage of the SSLv3 weakness to potentially steal authentication cookies from an Internet user’s browser and use them to access associated email or bank accounts.

POODLE will not allow attackers to steal user passwords, security blogger Robert Graham noted in an Errata Security blog post. However, it will allow them to use stolen session cookies to log in to the user’s online account.

“Thus, while you are at Starbucks, some hacker next to you will be able to post tweets in your Twitter account and read all your Gmail messages,” Graham wrote. “These are two examples — they really have near complete control over your accounts.”

The problem stems from the manner in which SSLv3 implements a method known as block ciphering to encrypt whole blocks of data or groups of bits. The vulnerability gives attackers a way to decrypt encrypted communications between a browser and a Web server essentially one byte at a time using repeated browser requests.

Theoretically, the vulnerability should at least be a nonissue for most Internet users because SSLv3 became obsolete some 15 years ago. It has been replaced with a renamed and more secure encryption protocol called Transport Layer Security (TLS). TLS has been refreshed twice since it was first introduced in 1999, and work has already begun on TLS 1.3, the latest revision of the protocol.

Doing the ‘Downgrade Dance’

However, many legacy Web servers still support SSLv3 because many Web users still use old Internet Explorer 6 browsers. When a browser using a newer version of TLS encounters a Web server using SSLv3, the browser will usually automatically revert to using SSLv3, using a process that researchers describe as a “downgrade dance.”

With the POODLE attack, the Google researchers showed how attackers could essentially trick a client browser and Web server into this dance and force them to use SSLv3, even if both sides support the most recent and most secure version of TLS.

To pull this office, an attacker would essentially need to have access to the Internet connection between a Web server and the user’s browser, according to Matthew Green, a research professor at Johns Hopkins University. The attackers would also need to be able to run JavaScript on the browser, he noted.

“Unfortunately, the attack is more practical than you might think,” Green said. “You should probably disable SSLv3 everywhere you can. Sadly, that’s not so easy for the average end user.”

Disabling SSLv3 on servers could be a major challenge for website operators as well because the move will prevent Internet Explorer 6 users from accessing their sites, the security researchers noted.

However, “disabling SSL 3.0 entirely right away may not be practical if it is needed occasionally to work with legacy systems,” the Google researchers noted in their blog.

Server operators and browser makers should also consider disabling the functionality that allows their products to roll back to SSLv3, they said. Google Chrome, for instance, already uses a mechanism called “TLS_FALLBACK_SCSV” that prevents attackers from downgrading TLS protections.

More from

DHS establishes Artificial Intelligence Safety and Security Board

3 min read - As part of its commitment to addressing the rapid growth and adoption of AI technology across all industries and sectors, the Department of Homeland Security (DHS) announced the establishment of the Artificial Intelligence Safety and Security Board in late April. The Board’s first meeting is planned for early May when they will begin the task of focusing on how to develop and deploy AI technology within the United States’ critical infrastructure safely and securely. Based on the DHS Homeland Threat…

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

White House cements CISA’s role as national coordinator for cybersecurity

2 min read - In 2013, the Obama Administration rolled out "The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience", a forerunner to the Cybersecurity and Infrastructure Security Agency (CISA), created "to strengthen and maintain secure, functioning and resilient critical infrastructure." The directive was groundbreaking in 2013, noting the importance of the rising risk of cyberattacks against critical infrastructure. But as cyber risks are constantly shifting, every cybersecurity program needs to be re-evaluated, and CISA is no exception. That’s why, in April 2024,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today