TLS protocol open to attack

UK scientists warn that the TLS protocol that provides security for online banking, credit card data and Facebook has “major weaknesses” which may lead to the interception of sensitive personal data.

The Transport Layer Security (TLS) protocol is used by millions of people daily. TLS provides security for online banking and for credit card purchases for online shopping.

Many corporate email systems use it, as do several huge entities including Facebook and Google.

The Information Security Group at Royal Holloway University found that a so-called ‘Man-in-the Middle’ attack can be launched against TLS that intercepts sensitive personal data.

“While these attacks do not pose a significant threat to ordinary users in its current form, attacks only get better with time. Given TLS’s extremely widespread use, it is crucial to tackle this issue now,” said the Information Security Group’s Professor Kenny Paterson. “Luckily we have discovered a number of countermeasures that can be used. We have been working with a number of companies and organizations, including Google, Oracle and OpenSSL, to test their systems against attack and put the appropriate defences in place.”

Comments are closed.