Researchers devise undetectable phishing attack

With the help of about 200 Sony Playstations, an international team of security researchers have devised a way to undermine the algorithms used to protect secure Web sites and launch a nearly undetectable phishing attack.

To do this, they've exploited a bug in the digital certificates used by Web sites to prove that they are who they claim to be. By taking advantage of known flaws in the MD5 hashing algorithm used to create some of these certificates, the researchers were able to hack Verisign's RapidSSL.com certificate authority and create fake digital certificates for any Web site on the Internet.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

Hashes are used to create a "fingerprint" for a document, a number that is supposed to uniquely identify a given document and is easily calculated to verify that the document has not been modified in transit. The MD5 hashing algorithm, however, is flawed, making it possible to create two different documents that have the same hash value. This is how someone could create a certificate for a phishing site having the same fingerprint as the certificate for the genuine site.

Using their farm of Playstation 3 machines, the researchers built a "rogue certificate authority" that could then issue bogus certificates that would be trusted by virtually any browser. The Playstation's Cell processor is popular with code breakers because it is particularly good at performing cryptographic functions.

They plan to present their findings at the Chaos Communication Congress hacker conference, held in Berlin Tuesday, in a talk that has already been the subject of some speculation in the Internet security community.

The research work was done by an international team that included independent researchers Jacob Appelbaum and Alexander Sotirov, as well as computer scientists from the Centrum Wiskunde & Informatica, the Ecole Polytechnique Federale de Lausanne, the Eindhoven University of Technology and the University of California, Berkeley.

Although the researchers believe that a real-world attack using their techniques is unlikely, they say that their work shows that the MD5 hashing algorithm should no longer be used by the certificate authority companies that issue digital certificates. "It's a wake up call for anyone still using MD5," said David Molnar a Berkeley graduate student who worked on the project.

In addition to Rapidssl.com, TC TrustCenter AG, RSA Data Security, Thawte and Verisign.co.jp all use MD5 to generate their certificates, the researchers say.