Over the last few years, a worryingly number of attacks against SSL/TLS and other secure channels have been discovered. Fortunately, at least from a defenders perspective, these attacks require an adversary capable of observing or manipulating network traffic. This prevented a wide and easy exploitation of these vulnerabilities. In contrast, we introduce HEIST, a set of techniques that allows us to carry out attacks against SSL/TLS purely in the browser. More generally, and surprisingly, with HEIST it becomes possible to exploit certain flaws in network protocols without having to sniff actual traffic. HEIST abuses weaknesses and subtleties in the browser, and the underlying HTTP, SSL/TLS, and TCP layers. Most importantly, we discover a side-channel attack that leaks the exact size of any cross-origin response. This side- channel abuses the way responses are sent at the TCP level. Combined with the fact that SSL/TLS lacks length-hiding capabilities, HEIST can directly infer the length of the plaintext message. Concretely, this means that compression- based attacks such as CRIME and BREACH can now be performed purely in the browser, by any malicious website or script, without requiring network access. Moreover, we also show that our length-exposing attacks can be used to obtain sensitive information from unwitting victims by abusing services on popular websites. Finally, we explore the reach and feasibility of exploiting HEIST. We show that attacks can be performed on virtually every web service, even when HTTP/2 is used. In fact, HTTP/2 allows for more damaging attack techniques, further increasing the impact of HEIST. In short, HEIST is a set of novel attack techniques that brings network-level attacks to the browser, posing an imminent threat to our online security and privacy.
Tom Van Goethem is a PhD researcher at the University of Leuven with a keeninterest in web security and online privacy. In his research, Tom performslarge-scale security experiments, both to analyse the presence of good and badsecurity practices on the web, as well as to demystify security claims. Morerecently, Tom started exploring side-channel attacks in the context of theweb, resulting in the discovery of browser-based timing attacks. In an attemptto make the web a safer place, Tom on occasion rummages the web in search forvulnerabilities.
Mathy Vanhoef is a PhD researcher at KU Leuven, where he performs research onstreamciphers, and discovered a new attack on RC4 that made it possible toexploit RC4 as used in TLS in practice (the RC4 NOMORE attack). He alsofocuses on wireless security, where he turns commodity Wi-Fi cards into state-of-the-art jammers, defeats MAC address randomization, and breaks protocolslike WPA-TKIP. He also did research on information flow security to assurecookies don't fall in the hands of malicious individuals. Apart from research,he knows a thing or two about low-level security, reverse engineering, andbinary exploitation. He regularly participates in CTFs with KU Leuven'sHacknamStyle CTF team.