By Jennifer Valentino-DeVries
A dilemma this spring for engineers at big tech companies,
including Google Inc., Apple Inc. and Microsoft Corp., shows the
difficulty of protecting Internet users from hackers.
Internet-security experts crafted a fix for a previously
undisclosed bug in security tools used by all modern Web browsers.
But deploying the fix could break the Internet for thousands of
websites.
"It's a twitchy business, and we try to be careful," said
Richard Barnes, who worked on the problem as the security lead for
Mozilla Corp., maker of the Firefox Web browser. "The question is:
How do you come up with a solution that gets as much security as
you can without causing a lot of disruption to the Internet?"
Engineers at browser makers traded messages for two months,
ultimately choosing a fix that could make more than 20,000 websites
unreachable. All of the browser makers have released updates
including the fix or will soon, company representatives said.
The newly discovered weakness could allow an attacker to read or
alter communications that claim to be secure. It was disclosed
Tuesday by an international team of computer scientists that has
found several problems in technology behind prominent security
tools, including the green padlock on secure websites.
It's unclear whether hackers have exploited any of the flaws.
Researchers said they were more likely to have been used by
governments for surveillance than by criminals trying to steal
credit-card numbers. In a draft paper published Tuesday, the
researchers said the National Security Agency may have exploited
one such flaw to spy on virtual private networks, or VPNs. NSA
didn't respond to a request for comment.
The bugs and the efforts to fix them highlight key weaknesses in
computer security. Researchers say the Internet is vulnerable in
part because it is so decentralized and has been built piecemeal,
from thousands of contributors more interested in communication
than security.
"It's like an amateur rock band here," said Matthew Green, a
cryptographer and professor at Johns Hopkins University who has
been investigating the problem.
Even after the fix to a problem is publicized, many users and
website operators don't apply it. More than a year after disclosure
of the Heartbleed bug, which allowed attackers to steal protected
information, researchers at the University of Michigan say about
4,000 of the world's one million busiest websites remain
vulnerable.
The story of the new bug began several years ago, when
researchers at French computer-science lab Inria began looking for
flaws in the way different programs use communications protocols,
or computer handshakes, that underlie the Internet. Last year, they
began probing software that used TLS, or "transport layer
security," which creates secure connections for things like
electronic payments and sensitive data.
During the winter, they discovered a problem, which they called
"Freak," in the way many Android, Apple and Microsoft browsers
handled TLS.
The Freak bug, disclosed in March, was the unintended
consequence of a decades-old U.S. policy to limit the strength of
encryption exported to other countries, so the U.S. could more
easily spy on enemies.
The restrictions were dropped in the 1990s, but many computers
still included weak export security "keys," long random numbers
used to encode and decode messages. In general, the longer the key,
the harder it is to crack the code. The Freak flaw allowed an
attacker to force another computer to use a smaller "export" key,
which could more easily be broken.
The new bug, dubbed LogJam, is a cousin of Freak. But it's in
the basic design of TLS itself, meaning all Web browsers, and some
email servers, are vulnerable.
Researchers found two other reasons for worry: The LogJam flaw
allows an attacker to trick a browser into believing that it is
using a regular key, not the export version. And they saw that many
computers reuse the same large numbers to generate the keys, making
them easier to crack. Researchers say about 8% of the top million
sites are vulnerable to the new bug because they support those
export keys.
Browser makers could remedy the problem by changing their
browsers to reject small keys. But that would disable thousands of
legitimate Web servers.
The companies agreed to reject small keys, but debated where to
set the threshold. Keys are measured by their length in bits, the
1s and 0s of computer code.
A tough standard, requiring sites to have a key with 2,048 bits,
or 617 digits, would have broken more than half of the Web's one
million busiest sites, researchers said. By contrast, requiring a
key with 512 bits, or 155 digits, would maintain the status quo in
most browsers. But a 512-bit key doesn't provide much security:
Researchers were able to crack many 512-bit keys in "minutes," they
said.
Ultimately, browser makers decided to move toward rejecting keys
with fewer than 1,024 bits, or 309 digits. That could leave about
0.2% of secure websites inaccessible.
The disclosure of Freak, and the resulting publicity, likely
reduced the number of vulnerable sites. When researchers disclosed
Freak in early March, more than 36% of secure websites were
vulnerable to that problem, according to scans performed by a lab
at the University of Michigan. Less than a month later, the number
had fallen to 6%.
To fix Freak, website operators had to change a few lines of
software code. In doing so, many site operators may also have
unknowingly fixed the new bug.
Sites that recently remained vulnerable to Freak include
ohio.gov and the medical school and hospital at the University of
Chicago.
A spokesman for ohio.gov said Tuesday evening that it had
"successfully completed a fix to this problem" so the site was no
longer at risk. In a statement, the university said any user is
"subject to vulnerabilities," adding that the university "has
processes in place to manage risk."
Ironically, the main website of the University of Michigan, home
to several researchers working on the bug, was vulnerable until a
few days ago. "It takes time for the updates and patches to be
fully implemented, " a university spokesman said.
Many sites that remained vulnerable to Freak after two months
were small businesses, which might not have dedicated security
staffers assigned to monitor bug disclosures. When sites are
specifically notified of problems, they're more likely to fix them,
said Zakir Durumeric, a researcher in the Michigan lab.
One affected site, quilthome.com, which sells quilting fabrics,
fixed the Freak flaw within 24 hours of an email from The Wall
Street Journal. The site's owner declined to comment further.
Browser makers are publishing fixes for the new flaw. Microsoft
published one last week in recent Windows versions. "We encourage
all customers to apply the update to help stay protected," a
spokesperson said.
Google said it would immediately fix a test version of its
Chrome browser and that the fix would likely be in the average
person's browser within weeks. Mozilla said it is updating Firefox
within a few days.
But researchers know that it will be a while before every
website applies the fixes.
"The top sites are very good at this and fix things in a matter
of hours. Then there are major sites with an IT staff that can get
this in a few days or weeks. But then there is this very long tail
of sites that don't patch," Mr. Durumeric said. "As far as we can
tell, this tail never ends."
Rob Barry contributed to this article.
Write to Jennifer Valentino-DeVries at
Jennifer.Valentino-DeVries@wsj.com
Access Investor Kit for Apple, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US0378331005
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089
Access Investor Kit for Google, Inc.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069
Subscribe to WSJ: http://online.wsj.com?mod=djnwires