Extended Validation SSL certificates are designed to provide website operators and users with more security than conventional SSL certificates (also called DV-SSL certificates, Domain Validated). At the core of the technology lie strict criteria for issuing a certificate. Simply registering online – which has become standard practice for conventional SSL certificates – is no longer sufficient. This measure is to prevent attackers from obtaining dubious certificates like www.paypal.com.domainname.com. The identity of those who request a certificate is also checked more thoroughly by the certificate authority. In addition, EV-SSL certificates can no longer be signed using MD5 or RSA-1024 Bit hashes from 2010. Browser that support EV-SSL, display the URL of the accessed page in green.
The attacks presented by Sotirov and Zusman require the attacker to obtain a conventional DV-SSL certificate connected with the targeted domain. Moxie Marlinspike and Dan Kaminsky demonstrated how to achieve this at the Black Hat conference the day before. According to Zusman, various bugs in the web applications of some of the certificate authorities also allow criminals to obtain valid certificates for arbitrary domains. However, the security expert only intends to reveal more details about these vulnerabilities at the Defcon conference.
To launch an attack, attackers need to latch onto a connection via Man-in-the-Middle using, for example, a separate Wi-Fi access point or by redirecting computers in a LAN to their own, via ARP spoofing. A proxy developed by Sotirov and Zusman then carries out the actual attack. Once the browser has established the connection to a domain protected via EV-SSL, the proxy provides another certificate, but this time it is a valid DV certificate for the domain. According to the hackers, all current browsers ignore this change of certificate and continue to display the green address bar. As a result, attackers are able to view all of the data traffic. However, Sotirov and Zusman were unable to demonstrate the attack, because an internet connection could not be established via the conference Wi-Fi network due to latency problems.
Sotirov and Zusman also have ideas about how to prevent these attacks. For instance, they suggested to identify EV connections with something like httpev rather than https. This would allow browsers to cleanly separate the individual data streams and make it possible to highlight attacks based on mixed EV and DV certificates. In addition, browser manufacturers should prevent their products from accepting several different certificates for the same domain within one session.