What is the POODLE attack?
In order to keep connections secure, we may use SSL and TLS protocols. This will help ensure that the data we send and receive when entering a web page travels encrypted. We prevent them from being intercepted by an intruder and put our privacy at risk. We can say that most websites are compatible today.
However, a POODLE attack relies on secure SSL connections and can potentially steal sensitive information. It is based on a vulnerability that affects this protocol and allows an attacker spy on HTTPS communications encrypted using SSL 3.0. It is a problem that Google detected a few years ago, specifically in 2014. It was registered as CVE-2014-3566.
This problem is present in servers that work through SSL 3.0, despite the fact that the most secure and most current is the TLS protocol. This makes many users today still vulnerable, since they use the SSL 3.0 protocol that may contain the security flaw that allows POODLE attacks.
The problem is that many website owners are not aware of this problem. They think their websites are properly encrypted, but in reality they are vulnerable and can put visitors at risk, should they come across an attacker who manages to exploit this flaw.
What the attacker does is trick the server and client into abandoning the encrypted connection and opting for an old and obsolete protocol. It is right there when they can intercept the connections and collect the information that is sent.
How does it work
The first thing the hacker does is deceive the victim so that it sends a request on a server that supports the TLS 1.0 protocol, which is an obsolete version. This done, when we send the request from the browser, the attacker is going to break that secure communication and result in reloading it, but this time through the vulnerable SSL 3.0 protocol.
From there, when it executes that vulnerability and manages to bypass the victim to use the SSL 3.0 protocol, it can record information and compromise privacy. You would have access to everything you send and receive, as if it were in plain text. We would be before a Man-in-the-Middle attack.
Who is affected
We can say that the poodle attacks they can put all types of users at risk. This affects both organizations and companies as well as any individual who enters the Internet on a web page that is vulnerable. This security flaw leaves an open door for a hacker to carry out a Man-in-the-Middle attack and read all the information.
It can basically affect any user who sends confidential information. For example when logging into an online service, making an online payment, etc. When the attacker accesses that communication, he is able to also steal session cookies, passwords or any account details. It is something that can affect anyone.
This naturally has serious consequences. The victim is going to see how their privacy is affected, but they can also have economic losses, loss of control of Internet accounts and loss of reputation, in the case of companies that are affected by this type of attack.
How to protect ourselves from this attack
We have seen what a POODLE attack consists of, how it affects us and who it can target. Now let’s move on to the most important point of all: how to be protected. It is essential to avoid being victims of this type of threat and to protect privacy on the network as much as possible.
An essential point is disable support for SSL 3.0 on web servers and browsers. This also has consequences, since if we disable this option on a page, older browsers will not be able to access it. However, in terms of security it is something very interesting.
To the disable it in the browser, we may have problems accessing older web pages that use this protocol. But, as in the previous case, we would be improving security and we could avoid POODLE attacks. We can do this in browsers like Chrome, Firefox or Edge.
It is also important to maintain security when browsing through untrusted networks. For example a public wifi in a mall or airport. We do not really know who may be behind that wireless network and we must take precautions to avoid problems.
A basic precaution in this sense is not to make payments or log in to sensitive accounts. In case of need, we can always choose to connect through mobile networks or use a VPN that can correctly encrypt our connection and avoid these Man-in-the-Middle attacks, as is the case with POODLE and other similar ones that act in the same way to steal personal information.
In short, POODLE attacks are a major problem that we can encounter when browsing. They can put our privacy and security at risk and allow cybercriminals to collect all kinds of personal data and passwords when browsing the Internet. We have explained some important steps to be protected, which basically is to avoid obsolete protocols as much as possible, such as SSL 3.0 and TLS 1.0 that can be exploited and serve as a gateway.