Security Notification about ROBOT Attack Vulnerability
ROBOT, which stands for Return Of Bleichenbacher’s Oracle Threat, is a vulnerability resulting from a flaw in certain RSA ciphers that handle encryption in the TLS protocol. An attacker can take advantage of the ROBOT vulnerability by repeatedly sending specially crafted queries that result in yes-no answers from the TLS web server. Eventually, with enough responses from the TLS web server, the session key can be discovered and subsequently be used to decrypt HTTPS traffic between the web server and the user’s web browser.
The original threat was discovered by a researcher named Daniel Bleichenbacher almost two decades ago. However, Hanno Böck, Juraj Somorovsky and Craig Young recently revealed that a surprisingly large number of websites still suffered from the vulnerability, including Facebook, which paid the three researchers an undisclosed reward for their efforts. Their results were published on December 12, 2017 (https://eprint.iacr.org/2017/1189).
For further details on the vulnerability, please refer to Vulnerability Note VU#144389 (http://www.kb.cert.org/vuls/id/144389).
Are DrayTek routers and websites vulnerable to ROBOT attack?
After extensive analysis using the tools provided by the third parties that disclosed the threat, we have determined that none of our products and websites suffer from this vulnerability. You can test websites and other applications that contain web servers (such as routers and access points) at https://robotattack.org/#check. DrayTek products that are submitted to the ROBOT Check for testing will receive the following result:
which indicates that they are not affected by the vulnerability. The "problematic RSA encryption ciphers" wording, on the other hand, refers to older RSA ciphers that are still widely supported by DrayTek and many popular websites (such as Google and Facebook) to maintain backward compatibility, and is not a cause for concern. Most modern web browsers will automatically determine and apply the most secure encryption cipher supported by the target website.
To see a complete list of cipher suites supported by your browser, visit https://cc.dcsec.uni-hannover.de/
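To inventory the RSA encryption ciphers discussed above on your own server or device, the following added example (not DrayTek's or the ROBOT researchers' tooling) classifies cipher-suite names by key exchange, covering both IANA and OpenSSL naming. The function names `key_exchange` and `audit` and the sample list are constructed for illustration.

```python
import re

# OpenSSL-style names carry a key-exchange prefix for everything EXCEPT
# RSA key transport: "AES128-SHA" is TLS_RSA_WITH_AES_128_CBC_SHA.
_FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")
_OTHER_PREFIXES = ("ECDH-", "DH-", "ADH-", "AECDH-", "PSK-", "SRP-", "KRB5-", "GOST")
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def key_exchange(suite):
    """Classify an IANA or OpenSSL suite name: rsa, forward-secret, tls13, other."""
    s = suite.strip().upper()
    if _TLS13.match(s):
        return "tls13"                      # TLS 1.3 removed RSA key transport
    if s.startswith(("TLS_", "SSL_")):      # IANA form: TLS_<kx>_WITH_<cipher>
        kx = s.split("_WITH_")[0].split("_", 1)[1]
        if kx == "RSA" or kx.startswith("RSA_"):     # RSA, RSA_EXPORT, RSA_PSK
            return "rsa"
        return "forward-secret" if kx.startswith(("ECDHE", "DHE")) else "other"
    s = re.sub(r"^EXP(1024)?-", "", s)      # export suites, e.g. EXP-RC4-MD5
    if s.startswith(_FS_PREFIXES):
        return "forward-secret"
    if s.startswith("RSA-PSK-"):            # premaster secret is still RSA-encrypted
        return "rsa"
    return "other" if s.startswith(_OTHER_PREFIXES) else "rsa"


def audit(suites):
    """suites: names in server preference order. Returns a summary dict."""
    kinds = [key_exchange(s) for s in suites]
    rsa = [s for s, k in zip(suites, kinds) if k == "rsa"]
    return {
        "rsa_key_exchange": rsa,
        "preferred_kind": kinds[0] if kinds else None,
        # With no RSA key-exchange suite offered, the server performs no RSA
        # decryption during the handshake, so no such oracle can exist.
        "rsa_encryption_offered": bool(rsa),
    }


# Constructed sample: a server list mixing both naming styles.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "AES128-SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed `audit` the suite list reported by your scanner or server configuration; suites returned under `rsa_key_exchange` are the ones to disable once no remaining client needs them.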