ROBOT Attack

A nineteen-year-old vulnerability has been re-discovered in the RSA implementation from different vendors which will allow Man-in-the-Middle attacks on encrypted messages.

Threat ID:: CC-1877
Category:
Threat Severity:: Medium
Threat Vector:
Published:: 21 December 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A nineteen-year-old vulnerability has been re-discovered in the RSA implementation from different vendors which will allow Man-in-the-Middle attacks on encrypted messages.

Threat details

The vulnerability is within the transport layer security protocol used for web encryption.

The attack works when an attacker sends queries that produce “yes” or “no” answers in a type of brute force attack. Over time this will force the TLS server to reveal the session key, which allows an attacker to decrypt HTTPS traffic sent between the TLS server and the user’s browser.

When originally discovered a patch was released, but it didn’t include replacing the RSA algorithm, the TLS standard was modified to make brute-force guessing harder.

Remediation steps

Type	Step
	Check with affected vendor if a patch is available and apply it at the earliest opportunity Disable ciphers that start with TLS_RSA, if feasible.

Last edited: 17 February 2020 11:38 am