3

Am I vulnerable if my bank uses TLS 1.0? Is it easy for somebody to do a MITM attack? Should I just access their online banking at home where I assume it is safer to do so?

S.L. Barth
  • 5,486
  • 8
  • 38
  • 47
alexrogers
  • 133
  • 5
  • Related: [Bank login in foreign country](http://security.stackexchange.com/a/80363/8340). You can make your connection more secure by disabling plain HTTP and using a new private browsing/incognito window just to open your bank's website in. Also see Steffen Ullrich's answer below as he addresses many points regarding TLS 1.0. – SilverlightFox Jun 25 '15 at 08:39
  • As of 2015 many banking websites in the UK still use SSL 3 and TLS 1.0 and are vulnerable to the POODLE attack https://uk-banks-ssl-security.divshot.io/ – Colonel Panic Oct 12 '15 at 15:11
  • For an up-to-date table see https://uk-banks-ssl-security.firebaseapp.com – Colonel Panic Oct 05 '19 at 12:21

3 Answers3

2

If your bank uses TLS 1.0 with an SSLv3 decoding function, it is vulnerable to a MitM attack using the POODLE vulnerability.

If they are vulnerable, you are no safer accessing online banking from any particular location, the vulnerability is in the bank's TLS implementation.

You can check Poodle Scan to see if their server is vulnerable.

ztk
  • 2,247
  • 13
  • 22
  • I tried my bank, it says it's vulnerable. So is google.co.in, but not Facebook.com. How? – xyz Jun 24 '15 at 18:28
  • 1
    There any many implementations of TLS, your bank is using a vulnerable one. Google and Facebook are not. – ztk Jun 24 '15 at 19:06
  • From what I understand, SSLv3 support roughly equals POODLE vulnerability. It says Facebook doesn't support either (v2, v3) but Google and and my bank do. That has me confused. Why Google? – xyz Jun 24 '15 at 19:13
  • 1
    These implementation errors are not restricted to TLS 1.0 but happen also with TLS 1.1 and TLS 1.2. So it actually does not matter which protocol version is used if the implementation is wrong. – Steffen Ullrich Jun 25 '15 at 05:16
  • @SteffenUllrich, I agree completely. The question was about TLS 1.0, so I didn't bring it other versions which weren't related to his question. – ztk Jun 25 '15 at 13:12
2

A man-in-the-middle attack is probably not currently possible with a proper implementation of TLS 1.0. It might be possible that certain agencies with huge computing powers might capture the traffic and decrypt it later, but it is certainly not in the reach of average people and not fast enough to do man-in-the-middle attacks.

Man-in-the-middle might be possible if weak ciphers are used, but this is not related to the protocol version. See logjam attack for more information. It might also be possible with weak keys in the certificates, but many modern browsers don't even accept such certificates and this is also unrelated to the protocol version.

And of course bugs in the implementation can make the connection insecure, but these are not restricted to TLS 1.0. Their are known bad TLS 1.0+ server implementations affected by the POODLE problem, by Heartbleed, WinShock and of course you could also have client side problems like goto fail. But these are not problems of the protocol itself, only of the bad implementation. These bugs usually make it much easier to hijack the connection than trying to crack the protocol itself.

So even if it would be possible to mount an attack against the protocol itself the required resources would probably be much much higher than the attacker could gain by mounting a man-in-the-middle attack by breaking the TLS of the online banking connection. Thus probably no one would do it because there are much cheaper ways to achieve the same results, like the use of banking trojans, sslstrip or one of the bugs in the TLS implementation.

This does not mean that the bank should use only TLS 1.0. It should at least provide better TLS versions (all modern browsers support TLS 1.2), because decrypting captured TLS 1.0 traffic might be in reach of certain agencies and attacks only get better. But more important is that the bank uses an implementation not affected by the mentioned bugs and also uses HSTS to enforce encryption. And of course it should have the necessary internal security so that it servers don't get hacked and user data compromised. And don't forget to properly secure your client against banking trojans etc.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • TLS 1.0 is vulnerable to MitM if it implements an SSLv3 decoding function as SSLv3 is vulnerable to POODLE. – ztk Jun 24 '15 at 17:48
  • @ztk: TLS 1.0 by itself is not vulnerable against POODLE. But their are implementations which claim to be TLS 1.0 but don't adhere fully to the protocol specification. And some of these implementations are vulnerable. Please do not mix implementation errors with design errors, otherwise you could claim that TLS 1.2 is much more vulnerable because of Heartbleed. – Steffen Ullrich Jun 25 '15 at 05:10
0

As some of the other posters have explained, depending on the implementation of TLS 1.0 your connection to the bank could potentially be vulnerable.

You can verify TLS/SSL vulnerabilities at Qualys's online utility: https://www.ssllabs.com/ssltest/

For example, take a look at bankofamerica.com - today there are three entries, one with an A grade and the other two with a C. Even though TLS 1.2 is in use there are other potential vulnerabilities in use.

Does this mean Bank of America is not secure? Maybe yes, maybe no but what we do know is that for the IP addresses scanned that received a C grade there are some potential security issues. If those sites are physically separated or not connected to your account information in any way then chances are you are not vulnerable.

On the flip side, if an organization is using strong transport layer encryption but not hashing and salting your passwords or not properly encrypting your data stored in their databases - just to name a few - then you could be extremely vulnerable even though your connection to the organization is secure.