Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication.
The OTR development team yesterday pushed out libotr 4.1.1 which patches an integer overflow vulnerability that could be exploited remotely causing a crash and opening the door to remote code execution on the compromised computer.
The flaw was privately disclosed Feb. 18 to the OTR team by X41 D-Sec of Germany, a security company headed by researcher Markus Vervier. OTR confirmed the flaw immediately and pushed a patch out March 3; public disclosure was yesterday.
Vervier told Threatpost that the patch was tested and addresses the vulnerability properly. ChatSecure, Adium and Pidgin have already update their respective apps.
Vervier explained that exploitation is not trivial; an attacker would need to send large OTR messages to a vulnerable client. In an advisory published yesterday, he explains that improper processing of these large messages (more than 5.5 GB) leads to attacker-controlled data on the heap being written out of bounds. Vervier said that an attack does not require user interaction or previous authorization.
“Exploitation is not trivial, especially since you have to send some gigabytes of data to the victim and use advanced heap grooming techniques. Yet using compressed Jabber streams and fragmented OTR messages, it is possible,” Vervier told Threatpost. “Our tests took about 10 minutes on a LAN with about 300MBIT/s of traffic. Over the internet with a fast connection, we assume it can be done in about one or two hours. There are no visible signs in the user interfaces that the user can see.”
Given the volume of data that must be sent, Vervier said that it’s unlikely such an attack can be carried out at any kind of scale.
“Due to the nature of OTR and high profile and endangered people are using it, targeted attacks would be most likely,” he said. “Many people [in] the security community and other known people such as Snowden are using OTR. Given the amount of data needed to be sent to a victim, we don’t assume that mass attacks or network worms are likely.”
Vervier explained in his advisory that his proof-of-concept exploit that because libotr supports and assembles fragmented OTR messages, it was possible to break the attack into 275 separate messages, 20MB each. He said that sending that type of message to a Pidgin client took only a few minutes on a fast network connection.
“We needed 275 messages because the Jabber server software used to test it (Prosody IM) was unable to handle larger messages properly. OTR supports sending messages in fragments,” Vervier said. “This allows us to send multiple fragments which are assembled to a very large message when the last fragment is received. You could even send the fragments over the course of several days. They will be stored as long as the chat client is running (which is usually long because people tend to never turn off their machines or phones today).”
The client will crash, Vervier said, when the overwrite hits unmapped memory. Using heap grooming, Vervier said he was able to inflate the heap to 4GB and overwrite function pointers and arguments to take over control flow.
“The released PoC will cause a crash. However we verified that it is possible to execute remote code using advanced exploitation techniques,” Vervier said. “When code execution is achieved, we have access to all chat communications and secret keys. Additionally further data as for example documents on the attacked system may be acquired.”