Thought Komodia/Superfish Bug Was Really, Really Bad? It's Much, Much Worse!

from the getting-worse-by-day dept

With each passing day, new revelations come out detailing how the Komodia/Superfish malware is even worse than originally expected. If you don't recall, last week it came out that Lenovo was installing a bit of software called "Superfish" as default bloatware on a bunch of its "consumer" laptops. The software tried to pop up useful alternative shopping results for images. But in order to work on HTTPS-encrypted sites, Superfish made use of a nasty (and horribly implemented) "SSL hijacker" from Komodia, which installed a self-signed root certificate that basically allowed anyone to issue totally fake security certificates for any encrypted connection, enabling very easy man-in-the-middle attacks. Among the many, many, many stupid things about the way Komodia worked was that it used the same certificate on each installation of Superfish, and it had an easily cracked password, "komodia", which was apparently true of every product that used Komodia. And researchers have discovered that a whole bunch of products use Komodia, at least 12 so far, putting a ton of people at risk.

But it gets worse. Filippo Valsorda has shown that you don't even need to crack Komodia's weak-ass password to launch a man-in-the-middle attack, because its SSL validation is broken, such that even if Komodia's proxy client sees an invalid certificate, it just makes it valid. Seriously.

At this point a legit doubt is: what will the Komodia proxy client do when it sees an invalid/untrusted/self-signed certificate? Because copying it, changing its public key and signing it would turn it into a valid one without warnings.

Turns out that if a certificate fails validation the Komodia proxy will still re-sign it (making it trusted), but change the domain name so that a warning is triggered in the browser.

Okay, but at least there's a warning, right? Well, no, because... as Valsorda notes, there's another horrible part of the implementation that gets around this: alternative names.

The Komodia proxy copies the server certificate almost entirely... What will it do with alternative names?

Alternative names are an X509 extension that allows specifying, in a special field, other domains for which the certificate is valid.

Boom. The Komodia proxy will take a self-signed certificate, leave the alternate names untouched and sign it with their root. The browser will think it's a completely valid certificate.

So all you need to do to bypass verification is put the target domain in the alternate field, instead of in the main one that will be changed on failure.

An attacker can intercept any https connection, present a self-signed certificate to the client and browsers will show a green lock because Komodia will sign it for them.

As Valsorda points out, because of this, attackers don't even need to know which Komodia-compromised software you're running. They can just fuck with them all.
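
The name-matching logic behind this, as an added example (a model written for this page, not Komodia's or Valsorda's code). Certificates are plain records, the CA names, the `failed-validation.` prefix and `shop.example` are constructed, and `resign_fail_closed` is one assumed hardening (refuse to re-sign when upstream validation fails) that the article itself does not describe.

```python
# Added illustration, not Komodia's or Valsorda's code. Certificates are modelled
# as plain records: no keys, signatures or real certificates are involved.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_CA = "Example Public CA (constructed)"
LOCAL_ROOT = "Interception Root (constructed)"  # root the proxy added to the PC
PUBLIC_ROOTS = frozenset({PUBLIC_CA})           # issuers the proxy may trust upstream
CLIENT_ROOTS = PUBLIC_ROOTS | {LOCAL_ROOT}      # browser trust store on that PC
FAIL_PREFIX = "failed-validation."              # constructed stand-in for the name change


@dataclass(frozen=True)
class Cert:
    subject_cn: str            # the "main" name
    san_dns: Tuple[str, ...]   # alternative names (subjectAltName dNSName)
    issuer: str


def dns_match(pattern: str, host: str) -> bool:
    """Compare one certificate name with the requested host (case-insensitive).
    A leading '*.' stands for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        first, dot, rest = h.partition(".")
        return bool(first and dot) and rest == p[2:]
    return p == h


def name_ok(cert: Cert, host: str) -> bool:
    """Browser-style host check: when alternative names are present they decide
    the match and the main name is ignored; the main name is only a fallback."""
    return any(dns_match(n, host) for n in (cert.san_dns or (cert.subject_cn,)))


def client_accepts(cert: Cert, host: str) -> bool:
    """Accept only a trusted issuer combined with a matching host name."""
    return cert.issuer in CLIENT_ROOTS and name_ok(cert, host)


def resign_as_described(upstream: Cert) -> Cert:
    """Behaviour the article describes: always re-sign with the local root; on a
    validation failure change only the main name and copy the rest untouched."""
    valid = upstream.issuer in PUBLIC_ROOTS
    cn = upstream.subject_cn if valid else FAIL_PREFIX + upstream.subject_cn
    return Cert(cn, upstream.san_dns, LOCAL_ROOT)


def resign_fail_closed(upstream: Cert, host: str) -> Optional[Cert]:
    """Assumed hardening: validate issuer and host name upstream, refuse to
    re-sign on any failure, and never copy names from the upstream certificate."""
    if upstream.issuer not in PUBLIC_ROOTS or not name_ok(upstream, host):
        return None  # drop the connection instead of vouching for it
    return Cert(host, (host,), LOCAL_ROOT)


# Constructed upstream certificates for the host "shop.example".
SAMPLES = {
    "valid": Cert("shop.example", ("shop.example",), PUBLIC_CA),
    "self_signed_main_name": Cert("shop.example", (), "self-signed"),
    "self_signed_alt_name": Cert("other.example", ("shop.example",), "self-signed"),
}


def outcomes(host: str = "shop.example") -> Dict[str, Tuple[bool, bool]]:
    """Per sample: (browser accepts flawed proxy output, accepts hardened output)."""
    result = {}
    for label, cert in SAMPLES.items():
        flawed = client_accepts(resign_as_described(cert), host)
        minted = resign_fail_closed(cert, host)
        result[label] = (flawed, minted is not None and client_accepts(minted, host))
    return result


if __name__ == "__main__":
    for label, (flawed, hardened) in outcomes().items():
        print(f"{label:24} flawed proxy: {flawed!s:5}  fail-closed proxy: {hardened}")
```

The middle sample is the case where the browser still warns; the last one is the alternative-names case, which only the fail-closed policy rejects.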

Thought we were done with how bad this is? Nope. Not yet.

Because another security researcher, going by the name @TheWack0lian, found that Komodia uses a rootkit to better hide itself and make it that much harder to remove.

Komodia appears to have implemented its system in the worst way possible, and a whole bunch of companies agreed to use its product without even the slightest recognition of the fact that they punched a massive vulnerability into the computers of everyone who used their products. What's really stunning is that many of these products actually pitch themselves as "security" products to better "protect" your computer.

Filed Under: alternate domains, https, komodia, man in the middle, root certificate, rootkit, superfish
Companies: komodia, superfish


Reader Comments



  1. Ninja, 23 Feb 2015 @ 10:14am

    So, when is Lenovo issuing a public apology along with a fix and compensation for those that were 'hacked' because of their screw up?

  2. That One Guy, 23 Feb 2015 @ 10:36am

    At this point, I almost have to wonder if it's not stupidity, but outright malice behind all of this. Seriously, to screw up this bad, they have got to be doing it intentionally.

    Throwing together software that turns out to have a security hole is bad, but expected, as you can't catch them all, but this? One security flaw hidden by another, this all but screams 'This was done on purpose'.

  3. Anonymous Coward, 23 Feb 2015 @ 10:42am

    Re:

    'This was done on purpose'.

    It was, forcing adverts on people is the highest purpose there is.

  4. That Anonymous Coward, 23 Feb 2015 @ 10:51am

    This should be punished by the full extent of the law. They are hacking people's systems & making them vulnerable.
    It no longer matters if this was a boo-boo or not.

    The outcome is horrific, and there is no excuse for this.
    Sadly many people who have been hacked by this crapware still are unaware of the danger. This is one of those moments when they should move to seize all of the records of this company and contact everyone they ever dealt with to alert them. The code should be dissected so that tools can be written to secure these victims' systems and make everyone safer.

    The creators need to pay the price for their hubris.

  5. Anonymous Coward, 23 Feb 2015 @ 11:05am

    Re:

    Legitimate critical security threat with widespread real-world consequences?
    Nope, better go after Kim Dotcom.

  6. Anonymous Coward, 23 Feb 2015 @ 11:08am

    Re:

    While I agree heads should be rolling the trouble is I cannot see what law was broken.

    Lenovo simply pre-installed software on a computer, nothing illegal about that.

    If it was illegal to install software that contains security flaws surely Billy Gates would be at Gitmo by now.

  7. David, 23 Feb 2015 @ 11:08am

    Huh.

    If a consortium of blackhats would have pooled a lot of money in order to get best value for their buck, would the outcome have been much different from Komodia?

  8. Anonymous Coward, 23 Feb 2015 @ 11:08am

    Re:

    At this point this is far, far, far bigger than Lenovo, or Superfish. The company at the root of all this is Komodia, an entirely separate company from those two. Lenovo's customers are actually only a fraction of the people involved at this point. For example, Lavasoft is one of those companies affected, and they have a nice rundown of their involvement:

    https://www.facebook.com/lavasoft.adaware/posts/10153070107783361

  9. Anonymous Coward, 23 Feb 2015 @ 11:10am

    Commode-ia sure picked the right name. Their app should have been flushed before it ever came out.

  10. PRMan, 23 Feb 2015 @ 11:11am

    Re:

    Except for the compensation, they are doing the rest.

  11. Anonymous Coward, 23 Feb 2015 @ 11:18am

    Re:

    Well, at the off all this is Komodia, an Israeli company. From their about page at the internet archive:

    "Barak Weichselbaum founded Komodia, Inc. in 2000, following his military service as a programmer in the IDF’s Intelligence Core. A custom solution provider to customers worldwide, Komodia first released its open source TCP/IP library in 2001. Through numerous projects in the past ten years, the company has found a niche in multiple areas of programming with one common theme: scarce documentation and a lack of experts. Today the company is focused on marketing its flagship product: Komodia’s Redirector."

    I really hate to don a tinfoil hat, but a company founded by ex-Israeli IDF intelligence sounds for penetration by Israeli intelligence.

  12. Anonymous Coward, 23 Feb 2015 @ 11:18am

    Re: Re:

    *root of

  13. Anonymous Coward, 23 Feb 2015 @ 11:19am

    Re: Re: Re:

    *sounds ripe for

    yeesh.

  14. Anonymous Coward, 23 Feb 2015 @ 11:30am

    Re:

    This should be punished by the full extent of the law

    Judges issue orders in court and there is a lack of followup - why should anyone expect your request will have meaning?

  15. Michael, 23 Feb 2015 @ 11:30am

    Re:

    This should be punished by the full extent of the law

    It will be...there was no law broken here.

    That is actually good (in my opinion) because the backlash of customers not wanting to purchase Lenovo equipment should be enough to keep this from happening again. Not every stupid, greedy, ignorant business decision needs to lead to jail time; a company out of business, some people losing investment money, and a bunch of customers going elsewhere is a really good free-market result.

  16. Whoever, 23 Feb 2015 @ 11:30am

    NSA behind this?

    The way that Komodia is broken is so bad, it's hard to believe that it is not deliberate.

    *Puts tin foil hat on*
    I suspect that the NSA is behind this, that they paid Komodia to put out a product with badly broken security. It makes hacking into companies like Gemalto so much easier.

    Unfortunately, the same broken security can be used by anyone.

  17. PRMan, 23 Feb 2015 @ 11:34am

    Re: Re:

    "While I agree heads should be rolling the trouble is I cannot see what law was broken."

    Seriously?

    CFAA dude. They hacked people's computers without their permission.

  18. PRMan, 23 Feb 2015 @ 11:35am

    Re: Re:

    The CFAA was broken. They did far more than they said upon installation, against the will of the user of the computer ("unauthorized").

  19. Rich Kulawiec, 23 Feb 2015 @ 11:39am

    Oh, come now, this isn't so bad

    It's not like they did something really bad, something so destructive and damaging to the privacy and security of millions of people that it required immediate attention from federal law enforcement agencies combined with the threat of aggressive prosecution that could result in decades in prison...something like, oh, I don't know, downloading scientific research papers?

  20. JustShutUpAndObey, 23 Feb 2015 @ 11:41am

    Of course it's all deliberate.

    It required some level of effort to implement this, so it was definitely done with malice and forethought.

    It gets even better/worse: Now that everyone knows about this, lots of other companies will start implementing this. After all, they'll only get sued if they get caught, and no one ever expects to be caught.

    By now, it ought to be obvious from all the evidence that everyone wants to spy on you without limit and restraint.

  21. Michael, 23 Feb 2015 @ 11:49am

    Re: Re: Re:

    Go read the TOS and End User agreements for your Lenovo laptop (if you have made that unfortunate choice) and you will probably find that everything they have done was clearly authorized.

  22. Michael, 23 Feb 2015 @ 11:52am

    Re: Of course it's all deliberate.

    It required some level of effort to implement this, so it was definitely done with malice and forethought.

    As always, never attribute to malice that which is adequately explained by stupidity.

    This is most likely the work of someone that did not make the connection that this security hole they were creating would ever get exploited by someone with intent other than their own.

  23. Anonymous Coward, 23 Feb 2015 @ 11:54am

    Re: Re:

    Not to mention that redirectors and marketing are other words for hijacking and adware.

    10 years ago this kind of activity would have been reserved for hackers and virus-manufacturers. Today hijacking and adware are par for the course. Backdoors are becoming more commonly used in more "legitimate" businesses.

    I wonder how long it will take before hacking becomes kosher for hardware and software manufacturers?

  24. Anonymous Coward, 23 Feb 2015 @ 12:03pm

    I have to question whether this is just about ads. That's too convenient and pat an excuse. Myself, I think they just put a hole in one of the backdoors for the spy agencies.

  25. Chronno S. Trigger, 23 Feb 2015 @ 12:07pm

    Re: Re: Re:

    The PC's security was compromised before you owned it. They compromised the security on their PCs.

  26. Bengie, 23 Feb 2015 @ 12:19pm

    Re: Re:

    Intercepting and modifying secure data is against the law, unless it's for your own computers, like a company.

    Two questions come up
    1) Did the end user give consent
    2) Was the end user informed well enough to even be able to give consent

  27. Anonymous Coward, 23 Feb 2015 @ 12:43pm

    Re: NSA behind this?

    You've stolen my tin foil hat there, Whoever. I made a similar comment on the earlier story.

    My supposition, though, was that NSA knew about the flaw, but were using Lenovo as cover. No need for Lenovo, Superfish, or Komodia to be coopted, they'd done it to themselves, a zero-day flaw just waiting for exploitation.

    But it's a bit of a stretch to posit corruption of Komodia alone for the Lenovo issue. Lenovo used Superfish used Komodia, making three separate points of contact. Too complex, too many points of failure.

    Taking advantage of Komodia's flaws, on the other hand, that's easy.

    And tinfoil hat aside, once the story broke, you can bet that the NSA added this to its armament package within the day.

  28. Hans, 23 Feb 2015 @ 12:44pm

    Root Certificates

    This whole thing is possible largely because they can insert a root certificate in the trust store, and you and I have very little idea what certificates are in the trust store.

    This isn't too different from the various CA hacks (think DigiNotar). You're trusting everyone with a certificate in your trust store and you don't even know who they are....

  29. DB, 23 Feb 2015 @ 12:58pm

    Don't confuse malice and avarice.

    If they intended to take over your machine, they wouldn't have taken this approach. They would do what virus makers do -- exploit the hole, and then harden security so that they retain control of the machine.

    Instead they were sociopaths. They solely cared about the advertising money, not the negative effects of their actions.

    It's not that they didn't understand the vulnerabilities they were creating. The implementation indicates they fully understood the architecture of certificate based authentication, and where they would need to insert the man-in-the-middle attack to substitute advertisements.

    Normal people don't think this way. Even if you hate someone enough to murder them, normal people don't bring down a plane full of people or poison a whole town. Or create a public panic so that they can profit from shorting a drug company stock. Sociopaths can't see the difference, they don't empathize with the innocent victims or see the systemic damage. They don't care about the results beyond their own benefit.

  30. Whoever, 23 Feb 2015 @ 1:06pm

    Re: Re: NSA behind this?

    But it's a bit of a stretch to posit corruption of Komodia alone for the Lenovo issue.


    I don't posit that Lenovo was the NSA's target, rather a bonus. My suggestion is that Komodia was subsidized by the NSA to the point that adoption would be fairly widespread. That's all the NSA needed. Lenovo pre-installing it (via Superfish) was a bonus.

    *Attaches tinfoil really tightly*
    It's possible that the NSA subsidized *both* Komodia and Superfish. Superfish's logs would be very revealing about an individual. Again, all the NSA needed was widespread adoption. Enabling these companies to offer their products at a very low price would achieve this.

  31. Anonymous Coward, 23 Feb 2015 @ 1:06pm

    Re: Re: Re:

    According to Wikipedia, criminal offences under the act include:

    (1) having knowingly accessed a computer without authorization - Lenovo did not access anything so this is out
    (2) intentionally accesses a computer without authorization - Lenovo did not access people's computers
    (3) intentionally, without authorization to... - Lenovo did not intentionally create a security problem
    (4) knowingly and with intent to defraud, accesses a protected computer without authorization - Lenovo did not access people's computers
    (5), (6) and (7) all require knowingly or intentionally and as stated before Lenovo did not knowingly or intentionally do any of the things listed in those sections

    So no, Lenovo did not break the law, what they did was pre-install some software that turns out to have security flaws. Just installing Windows as provided by Microsoft would subject users to security flaws.

    To conclude, it is not illegal to pre-install software unless you do it for some nefarious reason meeting the criteria listed in laws.

    There may be some civil laws that apply, I think gross incompetence is the place to start there but nothing criminal.

  32. Anonymous Coward, 23 Feb 2015 @ 1:23pm

    Who wants to play a game of Spot the Differences?

    Who wants to play a game of Spot the Differences?

    http://eccentric-authentication.org/blog/2014/11/30/spot-the-differences.html

    It's more appropriate to this story than it looks at first.

  33. Rich Kulawiec, 23 Feb 2015 @ 1:40pm

    Re:

    Normal people don't think this way.

    Precisely so. We only see this behavior in sociopaths, as in this case or with mass murderers/serial killers, serial rapists, spammers, and other similarly evil people. They don't stop because they can't stop -- and it's rarely, if ever, possible to cure them.

    Mark my words: they'll do this again. It'll be subtler and hidden behind layers of misdirection, but they'll do it again.

  34. John Fenderson, 23 Feb 2015 @ 2:19pm

    Re: Re:

    "I cannot see what law was broken."

    I don't think that any law was broken, especially not by Lenovo.

    However, there may be a violation of the UCC "fitness for a particular purpose" clause. The machines that contained this software were certainly not fit to use for connecting to the internet.

  35. John Fenderson, 23 Feb 2015 @ 2:21pm

    Re: Re: Re:

    1) Yes, in the clickwrap that came up on first boot.
    2) No, but since when does that count? EULAs are always having the user give consent for things that they don't really understand (by design).

  36. John Fenderson, 23 Feb 2015 @ 2:24pm

    Re: Re: Of course it's all deliberate.

    "never attribute to malice that which is adequately explained by stupidity."

    Why not? In the end, it doesn't matter if it was malice or stupidity, and in this case malice (on the part of Komodia and Superfish) seems MUCH more likely than stupidity.

  37. John Fenderson, 23 Feb 2015 @ 2:26pm

    Re:

    "Don't confuse malice and avarice."

    Avarice always has malice standing by its side. Always.

  38. That Anonymous Coward, 23 Feb 2015 @ 3:07pm

    Re: Re: Re: Re:

    Well, how about Superfish, did they do something wrong?
    What about Komodia?

    They created a certificate that signs basically ANY certificate it encounters and makes bad ones good in the process.

    This is not a bug, this is defective and deceptive by design.
    At no point did they disclose everything it did to their buyers, no one would purchase a piece of software that makes you more open to being hacked but this entire piece of software does just that.

  39. JMT, 23 Feb 2015 @ 3:57pm

    Re: Re: Re:

    "CFAA dude."

    The CFAA is only used against people the government doesn't like, and I doubt they give a shit about this.

  40. Anonymous Coward, 23 Feb 2015 @ 4:37pm

    Re: Re: Re: Re: Re:

    At no point did they disclose everything it did to their buyers...

    Why do I imagine a lawyer grinning and nonchalantly tossing off the phrase "Read the ToS"?

  41. Anonymous Coward, 23 Feb 2015 @ 4:40pm

    Re:

    "This should be punished by the full extent of the law."

    You do realize that there are different laws for different people, don't you? The full extent of the law is much different for some people than it might be for you or me.

  42. Anonymous Coward, 23 Feb 2015 @ 4:42pm

    Re: Re:

    "That is actually good (in my opinion) because the backlash of customers not wanting to purchase Lenovo equipment should be enough to keep this from happening again."

    Just like it kept it from happening in the first place, huh?

  43. Anonymous Coward, 23 Feb 2015 @ 6:26pm

    Re: Re:

    How long will this take to get traced back to NSA through the Israeli intelligence?

  44. the threat to peace is the USA, 24 Feb 2015 @ 12:03am

    @43

    ummm they don't need to, you forget the NSA is building a large lab in Israel

  45. Anonymous Coward, 24 Feb 2015 @ 12:09am

    Oh ffs, there are only so many things they can fuck up before it becomes suspicious.
    They obviously are being paid by the NSA.

  46. Anonymous Coward, 24 Feb 2015 @ 12:13am

    Re: Re:

    And once again, Israel.
    Your comment is anti-semitic so you better keep quiet or they will come for you.

  47. Anonymous Coward, 24 Feb 2015 @ 12:15am

    Re: Re: Re: Re: Re: Re:

    while rubbing his hands?

  48. David, 24 Feb 2015 @ 12:35am

    Re: Re: Of course it's all deliberate.

    You don't get to compromise all SSL traffic by mere stupidity.

    This is clearly malice at work here. It may be leveraging itself over some pivoting points of stupidity, but the driving force is cunning, reckless and premeditated malice.

  49. Nop, 24 Feb 2015 @ 2:28am

    Re:

    I'm probably being paranoid, but I can't help but wonder if a spook agency or criminal organisation (but I repeat myself) are behind Superfish.
    I'll be interested to see if Lenovo sue them; I certainly would if I were in their shoes, considering how expensive this is going to be for them in terms of mitigation & reputational costs.

  50. David, 24 Feb 2015 @ 3:12am

    Re: Re: Re: Re: Re: Re: Re:

    This is too evil to have a lawyer merely rub his hands.

  51. David, 24 Feb 2015 @ 3:18am

    Re:

    If they intended to take over your machine, they wouldn't have taken this approach.

    Why not? Machine wide open, and slightly plausible deniability. "Your honor! We did it for advertising! Free market! Thwart communism!"

  52. Nyarlathotep, 24 Feb 2015 @ 5:22am

    Just In Case

    I didn't have time to read every response but here's a website to detect if you possibly have problems with SuperFish or Komodia.

    https://filippo.io/Badfish/

  53. Bamboo Harvester, 24 Feb 2015 @ 5:32am

    Re:

    "At this point, I almost have to wonder if it's not stupidity, but outright malice behind all of this. Seriously, to screw up this bad, they have got to be doing it intentionally. "

    Agreed. The Certificate mess *could* have been pushed out by Programming to meet a deadline, but to install a Rootkit? That's definitely deliberate.

    Add to that all the screeching the NSA and GCHQ have been doing over people switching to HTTPS *only* recently, and they very well may have been TOLD to install these "bugs".

  54. DannyB, 24 Feb 2015 @ 5:56am

    Re:

    Not to worry. I'm sure they will be punished as much as Sony was punished for Sony's widespread rootkit distribution on CDs; which required large numbers of people to have their OSes reinstalled at their own expense back in 2005.

  55. Tara Li, 24 Feb 2015 @ 10:26am

    The list of "programs" at Ars Technica

    Actually only seems to be a list of companies involved, and doesn't actually name the packages/programs. I'm a bit worried about what *actually* uses this library, and if there are other libraries that do the same thing.

  56. Uriel-238, 24 Feb 2015 @ 11:16am

    This is what a "golden key" looks like.

    Maybe for those needing an example of what backdoor-enabled (Golden Key, Pixie Dust, whatever) encryption looks like, it looks like this.

    And it looks like a whole lot of people being super vulnerable in the inevitable moment that the backdoor is revealed.

  57. GEMont, 24 Feb 2015 @ 7:40pm

    Never attribute to incompetence, that which can be attributed to double profits.

    Yep. Sounds to me like they're NSA Crew Companies - doing the NSA's legitimate dirty-tricks work and getting paid twice for the effort.

    If they suffer absolutely not one iota of consequence for any of their actions, I'd say their federal affiliation is obvious.

  58. Fred Garvin, 24 Feb 2015 @ 9:55pm

    Re: Re:

    No tinfoil required. Israel actively spies on the US (and other nations), even though their leadership promised to cease such activity after the Pollard case. Their activity is in the same category as China and France, which is to say very competent.
    Komodia is dragged along with many ISV products, which is one heck of a stealth distribution system.

  59. Anonymous Coward, 25 Feb 2015 @ 12:30am

    Another reason to use GNU/Linux.

  60. nasch, 25 Feb 2015 @ 10:38am

    Re: NSA behind this?

    I don't think this would be much use to the NSA since the attacker has to be on the same Wi-Fi network as the target. They like to capture huge quantities of data from central locations.

  61. Fred Garvin, 25 Feb 2015 @ 1:02pm

    Re: NSA behind this?

    Au contraire. The man-in-the-middle attacks need not be on the same WiFi network--they're just easier.
    I'm pretty sure, though, this would require compromising one or more routers in the network--which is well within the capability of semicompetent black hats, not to mention NSA or Israel's Unit 8200.
