Websites vulnerable to TLS certificate man-in-the-middle attacks

Banks, in particular, warned to ensure that sites verify transport-layer security certificates correctly

Popular web development languages remain vulnerable to transport layer security (TLS) spoofing and exploitation from revoked certificates, putting users at risk of man-in-the-middle attacks.

That is the warning of security company Sucuri, following up on a 2012 academic paper that had first warned about such weaknesses. It warns that many of the vulnerabilities highlighted in that paper still have not been patched.

"Web developers today rely on various third-party APIs. For example, APIs [that] allow you to accept credit card payments, integrate a social network with your website, or clear your CDN's cache," it wrote in a blog post.

It continued: "The HTTPS protocol is used to secure the connection with the API server. However, if your web app doesn't verify the TLS certificate, a malicious person can steal your passwords or your customers' credit card numbers.

"When implemented correctly, the TLS protocol provides both encryption and authentication. The connection between your server and the API server is encrypted using a symmetric cipher (typically AES) so an eavesdropper cannot read your data.

"The server also confirms its identity (authenticates itself) by sending an X.509 certificate to the client. The client must verify the certificate's signature against the list of known root certificates, but this step is often neglected. As a result, a man-in-the-middle (MITM) attack becomes possible," warned Sucuri.
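The Sucuri passage above describes what a client must do: check the server's certificate against the roots it trusts and refuse the connection otherwise. The Go program below is an added example, not code from Sucuri or from this article, that shows the three possible client behaviours side by side. It generates a throwaway self-signed certificate (constructed for the example; the CommonName `api.example.invalid` is hypothetical), serves it from a localhost listener that stands in for an untrusted middlebox, and dials it with a client that skips verification, a client that uses the system roots, and a client that pins the single root it expects. Go is used because its standard library can create the certificate and both ends of the connection with no files and no network beyond loopback; the article does not name a language.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert makes a throwaway certificate for 127.0.0.1, constructed for
// this example only. It plays the part of the certificate an untrusted middlebox
// would present: valid-looking, but signed by nobody the client knows.
func newSelfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "api.example.invalid"}, // hypothetical name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// startServer serves TLS on an ephemeral localhost port and drives the handshake
// for every connection until the listener is closed.
func startServer(cert tls.Certificate) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			// A verifying client aborts the handshake here with a bad_certificate alert.
			go func() { _ = c.(*tls.Conn).Handshake(); c.Close() }()
		}
	}()
	return ln, nil
}

// handshakeSucceeds reports whether a client using cfg completes the TLS
// handshake with addr, i.e. whether it would have trusted that peer.
func handshakeSucceeds(addr string, cfg *tls.Config) bool {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return err == nil
}

// Results records which client configurations accepted the untrusted server.
type Results struct {
	SkipVerify   bool // verification disabled: trusts anything (the bug)
	DefaultRoots bool // verifies against the system roots: must reject
	PinnedRoot   bool // verifies against the one root it actually expects: accepts
}

// RunScenario starts the server and tries the three client configurations.
func RunScenario() (Results, error) {
	cert, err := newSelfSignedCert()
	if err != nil {
		return Results{}, err
	}
	ln, err := startServer(cert)
	if err != nil {
		return Results{}, err
	}
	defer ln.Close()
	addr := ln.Addr().String()
	// The pinned client trusts exactly one root: here the self-signed cert itself.
	pinned := x509.NewCertPool()
	pinned.AddCert(cert.Leaf)
	return Results{
		SkipVerify:   handshakeSucceeds(addr, &tls.Config{InsecureSkipVerify: true}),
		DefaultRoots: handshakeSucceeds(addr, &tls.Config{}),
		PinnedRoot:   handshakeSucceeds(addr, &tls.Config{RootCAs: pinned}),
	}, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("skip-verify=%v system-roots=%v pinned-root=%v\n", r.SkipVerify, r.DefaultRoots, r.PinnedRoot)
}
```

Run it with `go run`: only the first and third clients connect. The second client is the behaviour every API client should have by default, and a library that silently behaves like the first is the defect the article describes. Note what the pinned client does not do: it never disables verification to make an unfamiliar certificate work; it adds the expected root to its trust set instead, so every other issuer is still rejected.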

In particular, Sucuri warned that financial institutions, especially ones offering online banking or other transactions online, ought to ensure that their sites verify TLS certificates correctly. In tests, it found a complicated and poorly documented situation.

"Two years ago, IOActive tested 40 mobile banking apps and found that 40 per cent of them are vulnerable to MITM attack. Another group of researchers from Leibniz University of Hanover and Philipps University of Marburg found that eight per cent of popular Android apps fail to verify certificates. A passive MITM attack against these mobile apps is very real when you use a public Wi-Fi hotspot. The attack is also possible in case of a web server accessing a third-party API."

The trouble lies in the use of third-party SSL libraries, such as OpenSSL, GnuTLS and CryptoAPI, and of higher-level data transport libraries, such as Apache HttpClient, that act as wrappers around those SSL libraries.

There are some mitigation methods that developers can employ, suggests IBM Security Intelligence.

"Upgrading to the latest version of languages will remove many certificate verification problems, although not the revocation aspect... There are also web services that can test any APIs a server is using. This kind of service can identify problem situations that may arise from the use of shared or unmaintained programs.

"The end result is that TLS can still be broken, even four years after significant faults were pointed out. The remedies are there, but their use must be vigilant for them to be effective," it warned.