RADIUS Vulnerability

New attack against the RADIUS authentication protocol:

The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials.

This is one of those vulnerabilities that comes with a cool name, its own website, and a logo.

News article. Research …

Continue reading RADIUS Vulnerability

New Bluetooth Attack

New attack breaks forward secrecy in Bluetooth.

Three news articles:

BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices.

This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, thus weak and predictable session key (SKC).

Next, the attacker brute-forces the key, enabling them to decrypt past communication and decrypt or manipulate future communications…

Continue reading New Bluetooth Attack

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate:

The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.

However, jabber.ru found no expired certificates on the server, ­ as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

The expired certificate was instead discovered on a single port being used by the service to establish an encrypted Transport Layer Security (TLS) connection with users. Before it had expired, it would have allowed someone to decrypt the traffic being exchanged over the service…

Continue reading Messaging Service Wiretap Discovered through Expired TLS Cert

Man-in-the-Middle Phishing Attack

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication:

Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server…

Continue reading Man-in-the-Middle Phishing Attack

New Bluetooth Vulnerability

There’s a new unpatched Bluetooth vulnerability:

The issue is with a protocol called Cross-Transport Key Derivation (or CTKD, for short). When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two sepa… Continue reading New Bluetooth Vulnerability

Interesting Attack on the EMV Smartcard Payment Standard

It’s complicated, but it’s basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able to convince the POS terminal to conduct the transaction without requiring the normally required PIN.

From a news article:

The researchers were able to demonstrate that it is possible to exploit the vulnerability in practice, although it is a fairly complex process. They first developed an Android app and installed it on two NFC-enabled mobile phones. This allowed the two devices to read data from the credit card chip and exchange information with payment terminals. Incidentally, the researchers did not have to bypass any special security features in the Android operating system to install the app…

Continue reading Interesting Attack on the EMV Smartcard Payment Standard

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0. Continue reading Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

Stopping Man-in-the-Middle Attacks With Cryptography

Man-in-the-middle. Man-in-the-browser. IP spoofing. DNS spoofing. They’re all part of the happy family of hacks generally known as Man-in-the-middle attacks, wherein a bad actor secretly relays and possibly alters the communication between two p… Continue reading Stopping Man-in-the-Middle Attacks With Cryptography

Preventing Man-in-the-Middle Attacks

When it comes to cyber security, sometimes the jargon can feel overwhelming. Ransomware, encryption, man-in-the-middle attacks… The Vaporstream blog has covered ransomware and encryption in the past, so today I wanted to focus on what a… Continue reading Preventing Man-in-the-Middle Attacks

Router malware worse than experts realize

In May, security experts discovered one of the most widespread malware infections in history. Now, they’re warning businesses and consumers that it’s even worse than their first assessment. The VPNFilter malware poses a threat to small bus… Continue reading Router malware worse than experts realize