Two Greek researchers appear to have amazed everyone at Black Hat Asia 2016. Dimitris Karakostas and Dionysis Zindros upgraded BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) to penetrate the most common web encryption algorithms.
The two PhD students who presented the BREACH attack also released a framework that will help hackers (with good intentions) and intelligence services spy on Facebook and Gmail.
At Black Hat Asia, the pair proved once again that there can be no such thing as security on the Internet, even at the most popular online services, which invest a great deal of money and working hours to protect themselves.
The new version of BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is even more powerful: hackers can target "noisy" endpoints that do not use strong encryption algorithms, including 128-bit AES.
They say the new attack is also 500 times faster than the original attack.
The original BREACH attack was released at Black Hat in 2013 and received international acclaim. The attack compromised the common Deflate algorithm for the compression of data, which is used to save bandwidth in Internet communications.
Karakostas and Zindros (@dionyziz), from the National Technical University of Athens and the University of Athens, described their project in the paper "Practical New Developments on BREACH" (PDF).
On the Black Hat Asia stage, they showed how the attack could be used to read a victim's Facebook and Gmail emails using the "Rupture" framework, which they developed and which makes the attack much simpler.
The attack, however, is not a toy: they said it would take weeks to successfully break a target.
The "Rupture" framework is open source and is developed by Ph.D. students of the group.