Saturday, 6 August 2016

HEIST Attack On HTTPS Websites Can Steal Your Private Data


Two security researchers, Mathy Vanhoef and Tom Van Goethem, presented their findings at the Black Hat conference this week. HEIST stands for "HTTP Encrypted Information can be Stolen Through TCP-Windows".


"Compression-based attacks such as CRIME and BREACH can now be performed purely in the browser, by any malicious website or script, without requiring network access," the researchers said in the paper.

"If we know that HTTP/2 is used, we can let the browser simultaneously request the targeted resource, and another resource that contains reflected content," Vanhoef and Van Goethem wrote in a research paper. "Since HTTP/2 is used, both requests are sent in parallel to the server, and the server replies to them in parallel as well."

How does this attack work?

HEIST makes it possible to exploit two earlier attacks, BREACH and CRIME, to decrypt the transmitted data without the attacker having to be in a man-in-the-middle (MITM) position on the network. When a visitor browses a compromised website, the malicious code runs silently in the background. HEIST works with both the older HTTP/1.x and the new HTTP/2 protocols.

According to Ars,

Van Goethem and fellow researcher Mathy Vanhoef have already disclosed their findings to researchers at both Google and Microsoft. That means Wednesday's demonstration isn't likely to catch them by surprise. Still, when asked how possible the attack is against Gmail, Bank of America, and other real-world sites, Van Goethem gave the following answer:

If I would take my time, and write exploits for a number of websites, then visiting a malicious site (it even doesn't have to be a malicious one, there could also happen to be a malicious JavaScript file on there; there are numerous of possibilities for that to happen), could cause a lot of havoc. Probably the most damage could be dealt out by exploiting BREACH, as it allows the attacker to read out CSRF tokens. Depending on the functionality offered by the website, it could be that by knowing the CSRF token the attacker could simply take over the complete account of the victim. I haven't inspected the requests and responses of every website in detail, but as a user one should expect the worst. An attacker only has to find a single endpoint that contains a secret token and reflects part of the request in the response to extract this token. As I mentioned, knowing this token is typically enough to compromise the user's account.
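The precondition named in the quote above (a compressed response that contains a secret token and reflects part of the request) can be checked on your own endpoints. The following is an added example, not code from the article or from the researchers; the `render` endpoint, the token and the sample strings are constructed assumptions.

```python
import zlib

# Constructed sample values (not from the original article).
SECRET = "9f3c1a7e5b2d4860c7a1e39b5d2f4081"      # stand-in CSRF token
UNRELATED = "0b8e6d4f2a1c3957e8d6b4f0a2c19e73"   # same length, different content

def render(query):
    """Hypothetical endpoint: embeds the CSRF token and reflects the query string."""
    return ('<html><form><input type="hidden" name="csrf" value="%s"></form>'
            '<p>No results for: %s</p></html>' % (SECRET, query))

def gzip_len(body):
    """Length of the body after DEFLATE, as sent with a compressed Content-Encoding."""
    return len(zlib.compress(body.encode("utf-8"), 9))

def reflected_params(params, body, min_len=4):
    """Names of request parameters whose value appears verbatim in the response."""
    return sorted(k for k, v in params.items() if len(v) >= min_len and v in body)

def audit(params, headers, body, secret):
    """True only when the response is compressed, holds the secret and reflects input."""
    enc = headers.get("Content-Encoding", "").lower()
    compressed = any(t in enc for t in ("gzip", "deflate", "br"))
    return compressed and secret in body and bool(reflected_params(params, body))

def leak_bytes(render_fn, secret, unrelated):
    """Compressed-size gap between reflecting unrelated text and reflecting the secret.
    A positive value means the response length depends on the secret."""
    return gzip_len(render_fn(unrelated)) - gzip_len(render_fn(secret))

if __name__ == "__main__":
    params = {"q": "quarterly report"}
    body = render(params["q"])
    print("at risk (gzip on): ", audit(params, {"Content-Encoding": "gzip"}, body, SECRET))
    print("at risk (gzip off):", audit(params, {}, body, SECRET))
    print("length gap in bytes:", leak_bytes(render, SECRET, UNRELATED))
```

An endpoint for which `audit` returns `True` is one whose compressed length varies with the secret, which is the property the length gap makes visible.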

How To Protect?
  1. Disable third-party cookies. Doing so prevents HEIST's fetch() call from authenticating with the targeted website.
