ROBOT Cryptographic Attack Can Be Used to Decrypt HTTPS

A three-man research team recently discovered that a variation of a cryptographic attack from 19 years ago can be used to decrypt HTTPS traffic on a number of popular sites such as Facebook and PayPal.

Called ROBOT (Return Of Bleichenbacher’s Oracle Threat), the attack is able to bypass security countermeasures used by the TLS standard. The team revealed that, under certain conditions, the ROBOT attack can be used to exploit flaws in products offered by companies like Cisco, Citrix, F5, and Radware. Of Alexa’s Top 100 websites, 27 are also vulnerable to the attack.

The team also published a scientific paper in which they describe how they used the attack to decrypt Facebook traffic.

Source: Bleeping Computer

