
New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites
2021-06-10 21:00

Researchers have disclosed a new type of attack that exploits misconfigurations in Transport Layer Security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address in order to steal sensitive information.

The attacks have been dubbed ALPACA, short for "Application Layer Protocol Confusion - Analyzing and mitigating Cracks in tls Authentication," by a group of academics from Ruhr University Bochum, Münster University of Applied Sciences, and Paderborn University.

TLS is a cryptographic protocol underpinning several application layer protocols, such as HTTPS, SMTP, IMAP, POP3, and FTP, to secure communications over a network, with the goal of adding a layer of authentication and preserving the integrity of exchanged data while in transit.

The failure of TLS to protect the integrity of the TCP connection could therefore be abused to "redirect TLS traffic for the intended TLS service endpoint and protocol to another, substitute TLS service endpoint and protocol."

Since the client uses a specific protocol to open a secure channel with the intended server while the substitute server employs a different application layer protocol and runs on a separate TCP endpoint, the mix-up culminates in what's called a cross-protocol attack.

To counter cross-protocol attacks, the researchers propose using the Application Layer Protocol Negotiation (ALPN) and Server Name Indication (SNI) extensions to TLS. At the start of the handshake, a client can use them to tell the server which protocol it intends to use over the secure connection and which hostname it is attempting to connect to.
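The sketch below is an added example, not code from the researchers or from the original article. It shows what a server-side check of the two extensions could look like: it reads the SNI hostname and ALPN protocol list out of a ClientHello handshake message (without the record layer) and accepts only when both match the endpoint. The hostnames, the helper names and the reject-on-mismatch policy are assumptions for illustration, and the ClientHello is constructed sample input, not a capture.

```python
import struct

SNI, ALPN = 0, 16  # extension type numbers (RFC 6066, RFC 7301)

def build_client_hello(host=None, protos=None):
    """Constructed sample input: a minimal ClientHello handshake message."""
    exts = b""
    if host is not None:
        name = host.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # type 0 = host_name
        body = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SNI, len(body)) + body
    if protos is not None:
        plist = b"".join(bytes([len(p)]) + p.encode() for p in protos)
        body = struct.pack("!H", len(plist)) + plist
        exts += struct.pack("!HH", ALPN, len(body)) + body
    # version, zero random, empty session id, one cipher suite, null compression
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(hello).to_bytes(3, "big") + hello

def parse_sni_alpn(msg):
    """Return (server_name, [ALPN ids]) announced in a ClientHello message."""
    pos = 4 + 2 + 32                                    # handshake header, version, random
    pos += 1 + msg[pos]                                 # session id
    pos += 2 + int.from_bytes(msg[pos:pos + 2], "big")  # cipher suites
    pos += 1 + msg[pos]                                 # compression methods
    pos, end = pos + 2, pos + 2 + int.from_bytes(msg[pos:pos + 2], "big")
    host, protos = None, []
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
        body, pos = msg[pos + 4:pos + 4 + elen], pos + 4 + elen
        if etype == SNI:                                # list len(2), type(1), name len(2), name
            host = body[5:5 + int.from_bytes(body[3:5], "big")].decode()
        elif etype == ALPN:                             # list len(2), then len-prefixed ids
            i = 2
            while i < len(body):
                protos.append(body[i + 1:i + 1 + body[i]].decode())
                i += 1 + body[i]
    return host, protos

def strict_accept(msg, expected_host, expected_proto):
    """Assumed policy: reject unless both extensions are present and match this endpoint."""
    host, protos = parse_sni_alpn(msg)
    return host == expected_host and expected_proto in protos

if __name__ == "__main__":
    browser = build_client_hello("www.example.com", ["h2", "http/1.1"])  # constructed
    print(strict_accept(browser, "www.example.com", "http/1.1"))  # intended HTTPS endpoint
    print(strict_accept(browser, "ftp.example.com", "ftp"))       # substitute FTP endpoint
```

A ClientHello that omits either extension is rejected as well, which is what keeps a client that sends neither from being silently accepted by the substitute endpoint.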


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/OVXOWjLoSwU/new-tls-attack-lets-attackers-launch.html