After the revelation of the Heartbleed and Shellshock bugs this year, Google’s security engineers found a severe flaw in the obsolete but still used SSL 3.0 (Secure Sockets Layer). They named the bug “POODLE”, an acronym for ‘Padding Oracle On Downgraded Legacy Encryption’. Three Google engineers, Bodo Möller, Thai Duong and Krzysztof Kotowicz, developed POODLE against SSL 3.0. SSL 3.0 is a 15-year-old web security protocol, still used by browsers for encrypting data between the client and server.
Modern web browsers are designed to support new versions of SSL or TLS (Transport Layer Security), but most of them still support SSL 3.0. POODLE can force a browser to downgrade to SSL 3.0, where an attacker can then steal the cookies of the current session, which can grant access to someone’s email account, Facebook account, even online bank transactions. POODLE is fundamentally related to the man-in-the-middle (MITM) attack, where an attacker can take control of a network and hijack the cookies of victims connected to that network.
In a blog post, Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote that many servers still support SSL 3.0 because some internet users still use outdated browsers like Internet Explorer 6, which uses SSL 3.0. “The problem with the apparent solution is that our aging Internet infrastructure is still loaded with crappy browsers and servers that can’t function without SSLv3 support,” Green wrote. “Browser vendors do not want their customers to hit a blank wall anytime they access a server or load balancer that only supports SSLv3, so they enable fallback,” he wrote.
Google has taken several steps to stop encrypted connections from using less secure versions of TLS and SSL and to prevent downgrading of SSL. Google has already developed a mechanism in Chrome called “TLS_FALLBACK_SCSV” to prevent downgrading to SSL 3.0 and TLS 1.0 and 1.1, Adam Langley, who works on the Google Chrome browser, wrote in a blog post. “We are urging server operators and other browsers to implement it too,” Langley wrote. “It does not just protect against this specific attack; it solves the fallback problem in general.”
Google is preparing a patch for Chrome that would forbid falling back to SSL 3.0 for all servers, but “this change will break things and so we don’t feel that we can jump it straight to Chrome’s stable channel. However, we do hope to get it there within weeks and so buggy servers that currently function only because of SSL 3.0 fallback will need to be updated.”
Major Internet companies have already started taking steps against POODLE. Caching service provider giant Cloudflare has disabled SSL 3.0 across its network. “This will have an impact on some older browsers, resulting in an SSL connection error,” Cloudflare CEO Matthew Prince wrote. “The biggest impact is Internet Explorer 6 running on Windows XP or older.” Prince wrote that just 0.65 percent of the HTTPS encrypted traffic on CloudFlare’s network uses SSL 3.0. “The good news is most of that traffic is actually attacking traffic and some minor crawlers,” he wrote.
Robert Hansen, a browser specialist at the security firm WhiteHat Security, said POODLE is another widespread vulnerability and compared it to Firesheep, a browser add-on that can sniff unencrypted communication over the network. “Once somebody creates a tool like Firesheep, then this gets more serious,” he said. “We possibly could see one by the end of the week.”