BREACH: the two Greek hackers who broke Facebook and Gmail

Two Greek researchers seem to have surprised everyone at Black Hat Asia 2016. Dimitris Karakostas and Dionysis Zindros upgraded the BREACH attack (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) to penetrate the most common algorithms of the web.

The two PhD students who presented the BREACH attack also released a framework that will help hackers (with good intentions) and intelligence services spy on Facebook and Gmail.

Dimitris Karakostas (left) with Dionysis Zindros. Image: Darren Pauli

At Black Hat Asia, the pair once again showed that security on the Internet cannot be taken for granted, even at the most popular online services, which invest a lot of money and labor hours to protect themselves.

The upgraded BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is even more powerful: hackers can target "noisy" end-points that do not use strong encryption algorithms, including 128-bit encryption.

They say the new attack is also 500 times faster than the original attack.

The original BREACH attack was released at Black Hat in 2013 and received international acclaim. The attack compromised the common Deflate data compression algorithm, which is used to save bandwidth in Internet communications.

Karakostas and Zindros (@dionyziz), from the National Technical University of Athens and the University of Athens, described their project in the paper Practical New Developments on BREACH (PDF).

On the Black Hat Asia stage, they showed how the attack could be used to read a victim's Facebook and Gmail emails using the "Rupture" framework, which they developed and which makes the attack much simpler.

But the attack is not child's play: they reported that it would take weeks to successfully breach a target.

The "Rupture" framework is open and is developed by PhD students in the group.

Code

Whitepaper


Written by giorgos
