Monday, 23 February 2015

Researcher Late MITM Attack With Superfish Certificate See

An American security researcher demonstrated how he set up via a malicious WiFi network and the Superfish certificate Lenovo users may attack. Previously showed researcher Robert Graham already see how the password cracked that the private key of the Superfish certificate used.

Something for which he needed about three hours. Then he wanted to demonstrate that an attack with the obtained certificate would not only theoretically, as the CTO of Lenovo claimed, but also practical. For this, Graham chose as a hardware Raspberry Pi2 combined with Alpha-WiFi adapter. Through " RPI Wireless Hotspot "he changed the Raspberry Pi2 into a wifi hotspot, while sslsplit to perform the Man-in-the-middle attack used. In total, cost of setting up the hotspot also three hours.

Graham leaves on his blog how a simulated user via its Wi-Fi hotspot is internet banking can be intercepted, even though the user gets when visiting his bank site to see a valid SSL icon. According to Graham he used for performing the attack only commonly available tools. "The only special feature is sslplit, but it is a tool that companies use often for security purposes, and does not have a special hacking purpose. '" The researcher therefore concludes that this attack is really practical and not just theoretical.

No comments:

Post a Comment