
Antipova Anna
Posted


This article covers the ROBOT attack, RSA key exchange, OpenSSL and KSC.

Explanation

If you are running a security analyzer and it flags connections on ports 13000 (server-nagent traffic) and 17000 (activation proxy) as suspicious for a ROBOT attack, don't panic.

  1. Automatic analysis is not accurate. Run specific diagnostics to confirm that KSC traffic is actually not vulnerable. Examples:
    1. https://testssl.sh/
    2. https://github.com/robotattackorg/robot-detect
  2. Check https://mta.openssl.org/pipermail/openssl-dev/2017-December/009887.html, which the ROBOT attack site references. It states that "We're mostly focused on non-timing issues and OpenSSL is not among the vulnerable implementations", although OpenSSL uses RSA key exchange.

More information

What is the ROBOT attack – https://robotattack.org/
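
An added example, not part of the original article or of any Kaspersky tooling: ROBOT applies only to RSA-encryption key exchange, so this probe reports whether ports 13000 and 17000 negotiate such a suite at all. The host name and the function names are assumptions; an accepted handshake shows only that the precondition is present, and the oracle test itself is what testssl.sh and robot-detect perform.

```python
import socket
import ssl

KSC_PORTS = (13000, 17000)  # ports named in the article


def rsa_kex_context():
    """Client context that can only negotiate static-RSA key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # diagnostic probe only: the server
    ctx.verify_mode = ssl.CERT_NONE     # certificate is not being validated
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no RSA key exchange
    ctx.set_ciphers("kRSA")             # OpenSSL cipher string: RSA key exchange
    return ctx


def rsa_kex_suites():
    """Names of the RSA key exchange suites the local OpenSSL can offer."""
    try:
        ciphers = rsa_kex_context().get_ciphers()
    except ssl.SSLError:                # local build has these suites disabled
        return []
    return [c["name"] for c in ciphers if c.get("kea") == "kx-rsa"]


def probe(host, port, timeout=5.0):
    """Classify one endpoint by its answer to an RSA-only ClientHello."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        if not rsa_kex_suites():
            return "local-openssl-lacks-rsa-kex"
        try:
            with rsa_kex_context().wrap_socket(raw, server_hostname=host) as tls:
                return "rsa-kex-accepted:" + tls.cipher()[0]
        except OSError:                 # ssl.SSLError is a subclass of OSError
            return "rsa-kex-not-negotiated"


if __name__ == "__main__":
    host = "ksc.example.internal"       # hypothetical KSC server name
    for port in KSC_PORTS:
        print(port, probe(host, port))
```

A result of `rsa-kex-not-negotiated` on both ports means the analyzer's ROBOT finding cannot apply to that endpoint.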
