May 20, 2015 · 2 minutes

A newly-disclosed vulnerability undermines several common security protocols and leaves information sent over many connections vulnerable to surveillance. It's called the Logjam bug, and it could affect thousands of sites and services.

The researchers who discovered the vulnerability guess that it might have been used by the National Security Agency to surveil its targets. It could also be used by other attackers who wish to "read and modify any data" someone is sending. Here's how the researchers describe the problem on the vulnerability's website:

Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

We carried out this computation against the most common 512-bit prime used for TLS and demonstrate that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHE_EXPORT. We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. [...] A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break.

The vulnerability affects many of the world's most popular websites. Some 8.4 percent of the top 1 million domains are vulnerable to attack. If a site uses "one of a few commonly shared 1024-bit Diffie-Hellman groups," it could be open to eavesdropping from an "attacker with nation-state resources," such as the NSA.
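The downgrade works because a TLS server's ServerKeyExchange signature covers the Diffie-Hellman parameters (p, g, Ys) and the hello randoms, but not the cipher suite that was negotiated, so an attacker in the middle can rewrite the ClientHello to offer only DHE_EXPORT, let the server answer with a signed 512-bit group, and rewrite the ServerHello back to the suite the client asked for. The following Python script is an added illustration written for this page, not code from the Logjam researchers: it encodes and parses the ServerDHParams structure from RFC 5246, stands in an HMAC for the server's RSA signature, uses constructed odd numbers (not real primes) as the 512-bit and 1024-bit moduli, and runs the handshake past a client with and without a minimum group-size check.

```python
"""Simulate the Logjam downgrade of a DHE TLS handshake (added example).

Assumptions: HMAC with a shared key stands in for the server's RSA signature,
the moduli are constructed odd integers of the right size rather than real
primes, and the handshake stops before the Finished messages.
"""
import hashlib
import hmac
import os
import struct

# IANA TLS cipher-suite code points
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014

# Constructed stand-ins for DH moduli: odd, of the stated bit length, NOT prime.
P_EXPORT_512 = (1 << 511) | 0x1234567 | 1     # what a DHE_EXPORT server would send
P_STRONG_1024 = (1 << 1023) | 0xABCDEF | 1    # a "normal" 1024-bit group
G = 2

SERVER_KEY = b"constructed-server-signing-key"  # HMAC key standing in for an RSA key


def opaque16(n: int) -> bytes:
    """Encode an integer as TLS opaque<1..2^16-1> (2-byte length + big-endian bytes)."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack("!H", len(b)) + b


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """ServerDHParams from RFC 5246 section 7.4.3: dh_p, dh_g, dh_Ys."""
    return opaque16(p) + opaque16(g) + opaque16(ys)


def parse_server_dh_params(data: bytes):
    """Parse ServerDHParams; return (p, g, Ys, trailing_bytes)."""
    vals, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(data):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if n == 0 or off + n > len(data):
            raise ValueError(f"bad {name} length {n}")
        vals.append(int.from_bytes(data[off:off + n], "big"))
        off += n
    return vals[0], vals[1], vals[2], data[off:]


def sign_params(client_random: bytes, server_random: bytes, params: bytes) -> bytes:
    """signed_params covers client_random + server_random + ServerDHParams only.
    The negotiated cipher suite is NOT part of the signed data."""
    return hmac.new(SERVER_KEY, client_random + server_random + params, hashlib.sha256).digest()


def server_key_exchange(client_random: bytes, server_random: bytes, suite: int):
    """Server picks the export group for an EXPORT suite, its normal group otherwise."""
    p = P_EXPORT_512 if suite == TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA else P_STRONG_1024
    x = int.from_bytes(os.urandom(32), "big")          # server's ephemeral exponent
    params = encode_server_dh_params(p, G, pow(G, x, p))
    return params, sign_params(client_random, server_random, params)


def client_check(offered, chosen_suite, client_random, server_random, params, sig, min_dh_bits):
    """Client-side validation of ServerHello + ServerKeyExchange. Returns (accepted, reason)."""
    if chosen_suite not in offered:
        return False, "server chose a suite the client never offered"
    if not hmac.compare_digest(sig, sign_params(client_random, server_random, params)):
        return False, "bad ServerKeyExchange signature"
    p, g, ys, rest = parse_server_dh_params(params)
    if rest:
        return False, "trailing bytes after ServerDHParams"
    if not (1 < g < p and 1 < ys < p - 1):
        return False, "DH public value out of range"
    if p.bit_length() < min_dh_bits:           # the post-Logjam browser check
        return False, f"DH modulus is only {p.bit_length()} bits (minimum {min_dh_bits})"
    return True, f"accepted {p.bit_length()}-bit group"


def run_logjam_downgrade(min_dh_bits: int):
    """Attacker rewrites both hellos; returns the client's verdict."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    offered = [TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
    # 1. Attacker replaces the client's suite list with DHE_EXPORT only.
    chosen_by_server = TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    params, sig = server_key_exchange(client_random, server_random, chosen_by_server)
    # 2. Attacker rewrites the ServerHello suite back to what the client offered.
    #    The signature still verifies because it never covered the suite.
    shown_to_client = offered[0]
    return client_check(offered, shown_to_client, client_random, server_random,
                        params, sig, min_dh_bits)


if __name__ == "__main__":
    print("client without group-size check:", run_logjam_downgrade(0))
    print("client requiring 1024-bit groups:", run_logjam_downgrade(1024))
```

The unpatched client (no minimum) accepts the 512-bit group with a valid signature, which is exactly the state of the browsers before the Logjam fixes; the client that insists on at least 1024 bits rejects it. In a real handshake the Finished messages would expose the rewritten hellos, which is why the attacker must recover the 512-bit discrete log during the handshake; the researchers' precomputation against the shared prime is what makes that fast enough.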

It might be fitting if the NSA turns out to be exploiting this vulnerability. The Wall Street Journal reports that it's actually the result of a United States policy from more than two decades ago, much like the FREAK vulnerability that came before it:

In part, [the vulnerability] is an unintended consequence of an old U.S. policy to limit the strength of encryption exported to other countries. The restrictions were dropped in the 1990s, but many computers still use those weak export security keys. Attackers can force computers to use these weaker Diffie-Hellman keys.

FREAK was disclosed soon after law enforcement officials began talking about forcing tech companies to include cryptographic "backdoors" in their products. That bug, which grew out of the same export policy as Logjam, made it clear that deliberately weakened encryption does no one any good in the long term.

Browser-makers are reportedly working on fixes to prevent these attacks. Microsoft has already released an update for Internet Explorer; Apple, Google, and Mozilla are all said to be working on updates to their browsers, too, though it's not clear when they plan to make the updates available to their customers.

[illustration by Brad Jonas]